Acct 405 Midterm I Chapters #1-7
Examples of a potentially fraudulent situation
- Misappropriation of funds, securities, supplies, or other assets - Impropriety in the handling or reporting of money or financial transactions - Profiteering as a result of insider knowledge of company activities - Disclosing confidential and proprietary information to outside parties - Disclosing to others, securities activities engaged in or contemplated by the company - Accepting or seeking anything of material value from contractors, vendors, or persons providing services/materials to the company. Exception: gifts less than US $50 in value. - Destruction, removal, or inappropriate use of records, furniture, fixtures, and equipment
Give examples of behavioral indications of fraud
According to Albrecht, the ten most highly-ranked factors of personal indications of fraud are: 1. Living beyond ones means 2. An overwhelming desire for personal gain 3. High personal debt 4. A close association with customers 5. Feeling pay was not commensurate with responsibility 6. A wheeler-dealer attitude 7. Strong challenge to beat the system 8. Excessive gambling habits 9. Undue family or peer pressure 10. Feeling of no recognition for job performance
Compare and contrast Cressey and Albrecht's theories of crime causation
Albrecht's conclusions are similar to Cressey's in that they both agreed that financial pressure and perceived opportunity are essential for the occurrence of fraud. Cressey's third factor, however, focused on the perpetrator's ability to rationalize illegal behavior, while Albrecht concluded that personal integrity would deter an individual from committing fraud. Cressey primarily explored the reasons why fraud was committed, while Albrecht developed a list of "red flags" that might give clues to the possibility of fraud and who would be most likely to commit various types of fraud.
Differentiate between fraud and abuse
Although fraud and abuse both involve an intentional deception that causes its victim to suffer an economic loss and/or the perpetrator to realize a gain, abuse does not rise to the level of fraud. Abuse is often a way to describe a variety of petty crimes and other counterproductive behavior i.e. surfing the web while at work, coming to work late or leaving early, using sick leave when not sick (that have become common and even slightly condoned in the workplace)
What is meant by demonstrative evidence? Give examples.
Demonstrative evidence is any evidence that purports to educate, summarize or amplify real evidence. PowerPoint slides, summary schedules, graphics, pictures, reenactments, model, etc are all forms of demonstrative evidence. Demonstrative evidence tends to tell a story and complements other forms of evidence such as real and testimonial evidence. Some examples of demonstrative evidence include: - Photographs and videotapes - Maps, charts, diagrams, drawings - Scale models - Computer reconstructions or animations - Scientific tests or experiments
Generally, how is the problem of management override and collusion addressed?
Depending on the individuals involved, internal controls cannot prevent management override or collusive behavior by and among senior management. Since prevention (segregation of duties, approvals and authorizations) is not possible in a collusive environment, the principal internal control procedures will be centered on detection. The fear of detection may be an effective deterrence mechanism, but that does not eliminate the concern that traditionally designed internal control systems centered on prevention will not be effective when management override or collusion is present. Thus, internal and external auditors, fraud examiners, and forensic accounting professionals must design procedures to detect such activity.
Why is financial statement fraud often considered a complex fraud?
Financial statement fraud is more often than not a complex fraud. It almost always involves the chief financial officer, controller or some other sophisticated participant within the financial reporting structure. It also often involves top leadership in the organization such as the chief executive officer, chief operating officer, president or others with significant levels of authority. While not always predatory, at least at the time of inception, it is almost always collusive. Executive level individuals work in concert (collusively) to override the system of internal controls through the sophisticated use of journal entries, significant estimates and other financial reporting choices and through material unusual, one-time transactions.
Describe the services that forensic accountants might provide related to a marital dispute
Forensic accountants may assist attorneys with assembling the financial information necessary to either bolster (strengthen) or undercut a case. This may include ex: locating hidden marital assets or income, calculating the PV of future cash flow from retirement plans and providing testimony in the case
How is the concept of an "organization" involved in mixing illegal activities with legitimate ones?
Fraud and forensic accounting professionals must understand the "organization," even if the organization is not recognized as a legal entity. Some organizations may simply be networks of individuals or entities that use a business to mix legitimate and illicit activities. For example, assume that a local business is used as a conduit for money laundering. The operations of the business may be completely legitimate, except for the money laundering activity. The business is also part of a larger organization in which other persons and/or entities are transacting illegal business activities that generate illicit cash proceeds. This cash needs to be "laundered" to appear legitimate. One of the main challenges for investigators is to isolate the illicit from the legitimate activities.
Describe the fraud examiner/forensic accountant's approach to investigations
Fraud examination and forensic accounting entail examining documents, reviewing records, and interviewing witnesses
Explain fraud examination methodoly
Fraud examination involves obtaining documentary evidence, interviewing witnesses and potential suspects, writing investigative reports, testifying to findings, and assisting in the general detection and prevention of fraud
What employment opportunities currently exist for fraud examiners and financial forensic specialists?
Fraud examiners and fin. forensic specialists work in accounting and professional service firms which provide deterrence, detection, investigation, and remediation services to a variety of organizations. In addition, internal audit, corporate compliance, security and internal investigation units all operate within public and private companies and utilize the skills of the fraud examiner and the financial forensic professional. Regulatory agencies, government and not-for-profit, and law enforcement agencies also hire specialists in these areas.
What approaches are used by investigators to obtain documents?
Generally, investigators can obtain documents using three approaches: • Voluntary consent • Subpoena • Search Warrant
What constitutes "good cause" in the discharge of an employee?
Good cause might include: - The employee's conduct was against written policy. - The employee's conduct made for unsafe or inefficient business operations. - The company completed a reasonable investigation to ensure that any such questionable act was committed by the employee and has evidence to support such a claim. - The investigation was fair, objective and evidence suggested the elimination of alternative suspects. - The termination was nondiscriminatory, meaning that all persons committing such an act were or would be terminated. - The "punishment fit the crime," meaning that the punishment is reasonable given the nature of the offense.
How might a hacker access and manipulate a computer for illegal purposes?
Hackers generally use various "rogue" software applications to penetrate a system. Sometimes hackers surreptitiously incorporate unsuspecting computer owners into their schemes by installing programs that are downloaded via an e-mail or by visiting a website. These programs operate in the background of the infected computer and can disable security settings and capture information that is then sent back to the hacker. The most direct way of gaining access to a computer is to use someone else's user identification and password, or generate (without authorization) a system-acceptable user name and password. Hackers may use a variety of methods to invade computer systems, including: Trojan Horse. A Trojan horse is the covert placement of instructions in a program that causes the computer to perform unauthorized functions but usually still allows the program to perform its normal functions. This method is one of the most commonly used techniques in computer-based frauds and sabotage. Trap Doors. When developing large programs, programmers insert instructions for additional code and intermediate output capabilities. The design of computer operating systems attempts to prevent this from happening. Therefore, programmers insert instructions that allow them to circumvent these controls. When located, hackers take advantage of these trap doors. Salami Techniques. Salami techniques involve the execution of unauthorized programs used to steal small amounts of assets from a large number of transactions without noticeably reducing the whole. For example, in a banking system, the amount of interest to be credited to an account is typically rounded off. A fraudster might set up the system so that the rounded-off portion of the number is credited to a special account owned by the perpetrator. Logic Bombs. A logic bomb is a computer program executed at a specific time period or when a specific event occurs. For example, a programmer can write a program to instruct the computer to delete all personnel and payroll files if his access (user name) were ever to be removed from the file. Data Diddling. Data diddling is the changing of data before or during entry into the computer system. Examples include forging or counterfeiting documents used for data entry and exchanging valid disks and tapes with modified replacements. Scavenging and Dumpster Diving. Scavenging is obtaining information left around a computer system, in the computer room trashcans, etc. Dumpster diving refers to gleaning sensitive information from an organization's trash receptacles and dumpsters. Such techniques can be used to obtain user names and passwords to gain access to computer systems. Data Leakage. Data leakage is the removing of information by smuggling it out of an organization as part of a printed document, disguising or hiding the information and removing it from the facility. Piggybacking/Impersonation. Piggybacking and impersonation are frequently used to gain access to restricted areas. Examples include following someone with a badge reader in through a door, using an authorized user's identification and password to gain computer access, and tapping into the terminal link of a user to cause the computer to believe that both terminals are the same person. Simulation and Modeling. Simulation and modeling is a computer manipulation technique using the computer as a tool or instrument to plan or control a criminal act. Wire Tapping. Wire tapping into a computer's communications links is another technique used by hackers. This method enables perpetrators to read the information being transmitted between computers or between computers and terminals. Properly designed and implemented encryption techniques can be used to minimize the risk that any intercepted data can be used for nefarious purposes. Network Weaving. This technique, also known as "looping," involves using numerous networks in an attempt to avoid detection. For example, a hacker might dial into Company A's PBX system to obtain an outside line that can be used to dial into Company B's network. If Company B can track the origin of the hacker's call, it will lead them to Company A, not to the hacker. Hackers have been known to "loop" through 15 or 20 different networks before arriving at their final destination. Altering Password Generation. Some user names and passwords are generated by a computer system's "randomizer" function. For example, some Internet-based retailers (ISPs) give first-time users a randomly generated password (and sometimes a random user name as well), which allows the person online access. Subsequent to the first visit, the user may change the log-on information to their own preference. By learning how a system's randomizer works, the hacker can imitate the generation of users names, passwords or even alter how the system operates. Buffer Overflow Exploits. Buffer overflow exploits are a significant problem in computer security. In application programs, buffer storage areas temporarily hold data. These buffers have a fixed size. A hacker can execute a data "overflow" program and then initiate a data overload; he or she overflows a program then siphons off data generated by the system that cannot be stored in the buffer storage. The buffer overflow program may execute any number of tasks, from sending captured passwords to Russia, to altering system files, installing backdoors, etc., depending on what instructions the attacker sent to the buffer. Privilege Escalation Exploits. Privilege escalation exploits grant administrator or root-level access to users who are not authorized for such access. Backdoors. Backdoors allow attackers to remotely access systems at any point in the future, where computer operators do not know such access exists.
What is meant by "hacking?"
Hacking entails breaking into computer systems, such as telecommunication systems, by determining the vulnerabilities of various hardware and software components and using technology to systematically "guess" the authorized user's access codes for the purpose of gaining unauthorized access to computer systems and the information contained therein..
Explain the relationship between an employee's position and the level of theft (according to Hollinger and Clark's research).
Hollinger and Clark found that thefts were highest in jobs with greater access to the things of value in the organization. However; the employee's position only affects the method and amount of the theft after the decision to steal has already been made.
Other than accounting, which disciplines do fraud examination and financial forensics encompass (9)?
In addition to accounting, fraud examination and financial forensics include finance, economics, law, psychology, sociology, criminology, information technology, business management, and communications.
What are the different types of schemes associated with complex frauds?
In addition to financial statement fraud, corruption including bribery, illegal gratuities, economic extortion and conflicts of interest is associated with complex frauds.
Under what circumstances would a Miranda Warning be required?
In custodial settings by law enforcement; those settings where the suspected perpetrator has been taken into custody and denied freedom (presumably against their will) requires that a Miranda Warning be read to them.
What is a documentary letter of credit used for?
In order to transact business internationally, some businesses located in foreign locales require cash payments in advance. This is advantageous for the provider of goods and services but has the potential to put the buyer in a cash flow crunch. As a substitute for cash in advance, some providers of goods and services accept documentary letters of credit. This is a common form of international payment because both the buyer and seller are afforded some protection.
Fraud
Intentional deception, whether by omission or co-mission that causes a victim to suffer an economic loss and/or the perpetrator to realize a gain.
Why is Internet fraud particularly difficult to police?
Laws that currently apply to the Internet are difficult to enforce, because the Internet crosses international borders. The lack of a common set of international laws and the difficulty related to enforcing existing laws gives Internet fraudsters a better-than-average chance of avoiding capture and punishment.
List and describe various types of computer viruses.
Macro Virus. A macro is an instruction that automatically carries out program commands. Boot Sector Viruses. The boot sector is the first logical sector of a hard disk or floppy disk. A large majority of viruses have been boot sector viruses. These viruses use system BIOS, replace the boot sector or move the boot sector to another location. It then writes a copy of its own program code which will run every time the system is booted or when programs are run. Parasitic Viruses. Parasitic viruses attach themselves to programs, also known as executable files. When a user launches a program that has a parasitic virus, the virus is surreptitiously launched first. To cloak its presence from the user, the virus then triggers the original program to open. The parasitic virus, because the operating system understands it to be part of the program, is given the same rights as the program to which the virus is attached. These rights allow the virus to replicate, install itself into memory, or release its payload. TSRAM Viruses. Terminate and Stay Resident (TSR) viruses usually hide in memory and cause system crashes, depending on their memory location. Application Software Viruses. These types of viruses copy their virus code to a program file and modify the program so the virus code gets executed first. Multi-Partite Viruses. Multi-partite viruses share some of the characteristics of boot sector viruses and file viruses, which increases its ability to spread. They can infect .COM and .EXE files, and the boot sector of the computer's hard drive. Polymorphic Viruses. Polymorphic viruses create varied (though fully functional) copies of themselves as a way to avoid detection from antivirus software. Stealth Viruses. The stealth viruses are the more sophisticated viruses. They constantly change their patterns in an effort to blend into the system like a chameleon. They attempt to avoid detection by bypassing DOS interrupt calls when they are installed, and remove their code from the infected files before the file is accessed by the requesting program. Mutation Engine Viruses. This "modern day" virus uses a special language-driven algorithm generator that enables it to create an infinite variety of original encryption algorithms. It avoids the checksum detection method like the stealth viruses by not changing the infected file size. Each time they replicate, they produce a new and different code. Network Viruses. These viruses generally are developed to attack the file servers. The boot sector and partition table viruses infect the boot operation of the file server. Worms. A worm is a self-replicating program which resides as a file on a system, executes an autonomous process, and deliberately moves from system to system. It looks for other nodes on the networks, copies itself to them, and causes the self-copy to execute on other nodes.
What are the primary responsibilities of management?
Management is first and foremost responsible for ensuring that a corporation meets is strategic, operational and performance objectives. Statement on Auditing Standards (SAS) No. 1 states that "Management is responsible for adopting sound accounting policies and for establishing and maintaining internal control that will, among other things, initiate, authorize, record, process and report transactions (as well as events and conditions) consistent with management's assertions embodied in the financial statements." More specifically, these latter obligations require management to design and implement a system of internal controls, processes and procedures necessary to safeguard the resources of the entity and ensure relevant and reliable financial reporting.
What is the difference between a predator and an "accidental fraudster?"
Notwithstanding the fraud act, the accidental fraudster is considered a good, law-abiding person, who under normal circumstances would never consider theft, breaking important laws or harming others. The predator seeks out organizations where he or she can start to scheme almost immediately upon being hired. At some point, many accidental fraudsters, if not caught early on, move from behavior characterized by the description of an accidental fraudster to that of a predator. Financial statement fraud perpetrators often appear to start as accidental fraudsters or even as managers of earnings and, sooner or later, become predators.
Describe occupational fraud and abuse
Occupational fraud and abuse is perpetrated by an employee who uses his or her employment for personal enrichment through the deliberate misuse or misapplication of the organization's resources or assets. According to the ACFE 1996 Report to the Nation, there are four common elements to these schemes: (1) it is clandestine, (2) it violates the employee's fiduciary duties to the organization, (3) it is committed for the purpose of direct or indirect financial benefit to the employee, and (4) it costs the employing organization assets, revenues, or reserves.
Discuss the essence of organizational crime
Organizational crimes occur when entities, companies, corporations, non-for-profits, non-profits and government bodies, otherwise legitimate and law-abiding organizations, are involved in a criminal offense, such as non-compliance with agency, regulatory and court requirements; environmental infringements; fraud and financial crimes; labor abuses; manufacturing infractions related to public safety and health; unfair trade practices; and tax evasion.
What are some indicators that a computer has been infected?
The following are some of the indicators that a computer might be infected: • A sudden and sometimes dramatic decrease of free space on your media. • The system suddenly, and for no apparent reason, slows down its response time to commands. • An increase in the size of some files. • A change in the length of executable files, a change in their content or a change in their file date/time stamp. • An unexpected number of disk accesses, especially to particular file(s). • An operating system and/or other programs that suddenly begins behaving in unpredictable ways. Sometimes disk files that should be there cannot be accessed or are erased with no warning. • Unusual messages and graphics. • An inability to boot the system. • An inability to access files. • Unexplained and repeated maintenance repairs. • System or data files disappear or become fragmented. • Unexplained changes in memory. • Unexplained changes in program sizes. • Display messages that indicate that a virus has been encountered. Note that until the source of the virus has been identified and removed from the system, antiviral systems might continually inform the operator that a virus is being encountered and removed.
Explain the theory of the fraud triangle
The fraud triangle provides an explanation for the conditions necessary for fraud to occur: perceived pressure, perceived opportunity, and rationalization
What are some common virus carriers?
Some of the more common virus carriers are: • Unknown or unchecked application software • Software or media brought in by employees • Programs downloaded from modem bulletin boards • Unsolicited e-mails • Vendors and suppliers with infected software • Uncontrolled and shared program applications • Demonstration software • Freeware and Shareware
How have some of the more common securities fraud schemes been perpetrated?
The more common securities fraud schemes include: Pyramid Schemes. In a pyramid scheme, fees or dues are paid by new members to join the organization. The new member, upon joining, is expected to attract and sign up new members and collect their membership fees on behalf of the organization. The organization generates cash flow, not by selling goods and services to clientele but by the collection of membership fees from new members. The membership fees are then distributed in part to the old members as a form of return on investment (e.g., dividend) to keep the old members attracting new members and to keep the scheme from collapsing. "Prime Bank" Fraud. Generally, investors are promised high rates of return with little inherent risk by investing in "prime bank" notes. The underlying methodology is supposed to be an off-shore trading program which yields extremely high rates of return. The investment prospectus is usually confusing and makes reference to legitimate banks and recognized financial institutions from around the world. The prospective investor is usually required to sign a non-disclosure agreement. Of course, the entire investment is a sham and the investor will lose all of their money in the process. Churning. Churning is the excessive sale of securities by a broker for the purposes of generating commissions. Unsuitable Recommendations. Placing customers in inappropriate investment vehicles is prohibited and brokerages are supposed to exercise due diligence to ensure that brokers are not abusing their trading responsibilities. Parking. Parking is a technique used by an investor to avoid ownership reporting requirements and net capital rules. Front Running. Front running is a derivation of insider trading. The perpetrator, possibly a back office clerk or exchange floor order filler becomes aware of a large buy or sell order, a trade large enough to move the market. In advance of executing the large order, the perpetrator makes a trade in his or her account so as to benefit from the large order trade and the subsequent movement in the market. Bucket Shops. Bucket shops act as a normal licensed brokerage business but neither the enterprise nor its employees are registered or licensed. Such operations are illegal and usually created with the intent to defraud prospective clientele. Misuse or Misappropriation of a Customer's Securities. This scheme involves the theft of investment securities from a client's account or the use of those securities as collateral for other transactions such as loans or margin trading. Market Manipulations. Market manipulations usually occur in penny or micro-cap stocks, those with very small market capitalization. The manipulation occurs when trading activity is designed to artificially move the security price in one direction or another to give the appearance of activity and momentum to entice others to buy or sell. Insider trading. The use of non-public information by insiders with fiduciary responsibilities to their company and its shareholder to profit from the purchase and sale of security is illegal.
What methods are used by insiders to commit computer fraud? What red flags might indicate that insider computer fraud is occurring?
The most prevalent method of committing computer fraud is alteration or falsification of input transactions (and/or documents), including: • Alteration of input • Alteration of output • Data file manipulation • Communications systems disruptions • Operating systems modifications • Computer operations policy violations The following are indicators of insider computer fraud that suggest increased risk and require additional scrutiny: • Access privileges beyond those required to perform assigned job functions. • Exception reports not reviewed and resolved. • Access logs not reviewed. • Production programs run at unusual hours. • Lack of separation of duties in the data center.
What is the difference between tax avoidance and tax evasion?
Tax avoidance consists of using legal means and methodology to minimize taxes within the existing framework of tax rules and regulations. Tax evasion is the intentional wrongdoing to evade taxes believed to be owed. Tax evasion is fraud.
How are the objectives of terrorists and organized criminals different?
Terrorists, as their main objective, attempt to intimidate or coerce persons, governments and civilian populations through the use of force or violence, real or threatened, to achieve political or social objectives. Organized criminals on the other hand are organized around deriving financial gain from their activities.
Analyze the role of corporate governance mechanisms in fraud prevention.
The Board of Directors, Audit Committee and corporate officers set the ethical "tone" of the organization and communicate its values to others both inside and outside of the organization. It is important that individuals in leadership positions not only communicate the value of ethical actions, they must also practice what they preach. Establishing and following good internal controls, supporting the anti-fraud environment through continuing education of fraud awareness, and adhering to effective disciplinary measures for inappropriate behavior can all help to minimize fraud in the workplace.
How did the Sarbanes-Oxley Act address corporate governance and public accounting responsibilities?
The Sarbanes-Oxley Act of 2002 improved the quality, reliability, integrity, and transparency of financial reports by: • Establishing higher standards for corporate governance and accountability • Creating an independent regulatory framework for the accounting profession • Enhancing the quality and transparency of financial reports • Developing severe civil and criminal penalties for corporate wrongdoers • Establishing new protections for corporate whistleblowers.
What is the role of the external auditor in the financial reporting process?
The auditor's role is to attest to the fairness of management's presentation of the financial information as well as the assertions inherent in the financial statements. When auditors have completed their work, they report their findings in an audit report.
How are computers used in cyber crime?
The computer has several roles in high tech crime: • The Computer as an Object—Computers and network systems are themselves often objects or targets of crime, subject to physical sabotage, theft or destruction of information. • The Computer as a Subject—Computers can be the direct subjects of crime when technologists use the computer to commit a crime. This category includes virus attacks, illegal access, etc. • The Computer as a Tool—Computers can be integral to the act, the concealment and the conversion associated with a fraud or financial crime when the electronic device is used to commit crime, whether embezzlement, theft of proprietary information or hacking. • The Computer as a Symbol—Computers lend fraudsters an air of credibility and are often used to deceive victims into investment, pyramid and other "traditional" fraud schemes that have been adapted to the digital environment.
What is the "expectations gap"?
The perception of the public, particularly with regard to asset misappropriation, corruption and misstated financial statements, is that independent auditors are responsible for fraud detection. However, an auditor's responsibility is to provide reasonable assurance that the financial statements are free from material misstatement whether caused by error or fraud. Auditors do not examine 100% of the recorded transactions; instead, they rely on sampling a portion of the transactions to determine the probability of whether or not the transactions are recorded properly. Further, auditors also rely on high-level analytical procedures as well as interviews, inquiries, external confirmations, inspections, physical inventories and other audit procedures to determine if the financial statements are free from material misstatement. The difference between the public's perception of the auditor's role and the role that audit professionals actually serve has led to an "expectations gap."
Why does collusion pose unique prevention and detection challenges?
The primary concern when collusion is involved is that internal controls are generally ineffective in preventing fraud and other financial crimes.
What remedies are available through the civil and criminal justice systems?
The primary difference between the criminal and civil systems is the potential remedy for the victim: the primary allowable remedy in the civil process is monetary damages; whereas the criminal justice system may result in fines, community service, probation, incarceration, censure and even capital punishment. (In the United States, there is no capital punishment for fraud cases.)
Which federal law enforcement agencies investigate domestic Internet crimes?
The primary federal law enforcement agencies that investigate domestic crime on the Internet include the Federal Bureau of Investigation (FBI), the United States Secret Service, the United States Immigration and Customs Enforcement (ICE), the United States Postal Inspection Service and the Bureau of Alcohol, Tobacco and Firearms (ATF).
What are some red flags that may indicate that fraud is occurring?
The red flags that can lead to a formal fraud investigation include tips and complaints, behavioral red flags, analytical anomalies, accounting anomalies and internal control irregularities and weaknesses.
List the 4 legal elements of fraud
1. A material false statement 2. Knowledge that the statement was false when it was spoken 3. Reliance on the false statement by the victim 4. Damages resulting from the victim's reliance on the false statement
List and describe the 6 differences between an audit, fraud examination, and forensic accountant engagement
1. Timing- Audits are conducted on a recurring basis while fraud examination is nonrecurring and only conducted on sufficient predication. Forensic accountant engagement is also nonrecurring and is only conducted after an allegation of misconduct. 2. Scope- The scope of an audit is general while the scope of a fraud examination or forensic accountant engagement is specific. Audits are a general examination of financial information for material misstatements while fraud examiners and forensic accountants are engaged to resolve a specific allegation. 3. Objective- The objective of auditing is to express an opinion on the financial statements of an organization. The objective of a fraud examination is to determine whether or not fraud has taken place and to determine who is responsible, while a forensic accountant engagement is to determine the financial impact of the allegations. 4. Nature of the relationship- Auditing is non-adversarial (characterized with conflict) while fraud examination is adversarial in nature. The forensic accountant is independent. 5. Methodology- Auditing primarily entails examining financial data, while fraud examination and forensic accounting involve gathering sufficient financial and non-financial evidence to meet their objective. 6. Approach- Auditors are required to approach an audit with professional skepticism while fraud examiners and forensic accountants attempt to establish sufficient proof to meet their objective.
Identify the six situational categories that cause non-shareable problems from Cressey's research.
1. violation of ascribed obligations 2. problems resulting from personal failure 3. business reversals 4. physical isolation 5. status gaining 6. employer-employee relations
What are the main components of the fraud risk assessment process?
An overview of the fraud risk assessment process includes the following components: • Evaluate the fraud risk factors • Identify possible fraud schemes and scenarios • Prioritize individual fraud risks • Evaluate mitigating controls for those fraud schemes that are reasonably possible or probable of occurrence and are more than inconsequential or material.
What are the similarities and differences between analytical and accounting anomalies?
Anomalies are based on patterns or breaks in patterns. Analytical anomalies are transaction or financial statement relationships that do not make sense, such as: • Unexplained cash shortages • Unexplained inventory shortages • Deviations from specifications • Increased scrap • Excessive purchases • Too many debit memos • Too many credit memos • Significant unexpected changes in account balances • Excessive late charges • Unreasonable expenses • Unusual expense reimbursements Accounting anomalies are unusual activities that seem to violate normal expectations for the accounting system. For example, a fraud examiner may notice transactions being recorded in odd ways or at odd times during the month. Some irregularities in documentation may include: • Missing documents • Old items being carried on bank and other account reconciliations from one period to the next period • Excessive voids or credit memos • Common names, addresses or phone numbers of payees or customers • Names, addresses or phone numbers that are the same as those of employees • Increases in past due accounts receivables • Increases in the number and amount of reconciling items • Alterations on documents • Duplicate payments • Second endorsements on checks • Breaks in check, invoice, purchase order and other document number sequences • Questionable handwriting • Photocopied documents
Identify common fraud schemes
Asset misappropriation, corruption, and false statements
Which (7) professional organizations support fraud examination and financial forensics professionals? What certifications do they offer?
Association of Certified Fraud Examiners (ACFE) Certified Fraud Examiner (CFE) American Institute of Certified Public Accountants (AICPA) Accredited in Business Valuation (ABV) Certified Information Technology Professional (CITP) Certified in Financial Forensics (CFF) Forensic CPA Society (FCPAS) Forensic Certified Public Accountant (FCPA) Information Systems Audit and Control Association (ISACA) Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in the Governance of Enterprise IT (CGEIT) Institute of Internal Auditors (IIA) Certified Internal Auditor (CIA) National Association of Certified Valuation Analysts (NACVA) Certified Forensic Financial Analyst (CFFA) Accredited Valuation Analyst (AVA) Certified in Fraud Deterrence (CFD) Certified Valuation Analyst (CVA) Society of Financial Examiners (SOFE) Accredited Financial Examiner Certified Financial Examiner Automated Examiner Specialist
What is meant by behavioral red flags?
Behavioral anomalies are exhibited in lifestyles and unusual behaviors. Lifestyle symptoms can be observed through cars, homes, boats, jewelry, clothing and other material possession of which they could not or should not be able to afford. Also, the fear of getting caught and the ramifications associated with that cause the person to exhibit unusual behaviors. The underlying cause may be guilt or fear but either way, stress is created. That stress then causes changes in the person's behavior. Such changes include insomnia, alcohol abuse, drug abuse, irritability, paranoia, inability to relax, inability to look people in the eye, signs of embarrassment, defensiveness, argumentativeness, belligerence, confession to a trusted confidant, pointing failure at others (scapegoats), (excessive or starting) smoking and other anxiety-based symptoms.
What international opportunities exist in fraud examination and financial forensics?
Chartered Accountant (CA), one equivalent of the CPA around the globe, is the title used by members of certain professional accountancy associations in the British Commonwealth countries and Ireland. The Association of Certified Fraud Examiners, which administers the certified fraud examiner (CFE) credential, has international activities in more than 120 countries around the world. Other international certifications related to the fraud examination and forensic accounting specializations include the following: • AAFM - The American Academy of Financial Management offers 16 separate financial certifications recognized worldwide. • MFP - Master Financial Professional • CWM - Chartered Wealth Manager • CTEP - Chartered Trust and Estate Planner • CAM - Chartered Asset Manager • RFS - Registered Financial Specialist in Financial Planning • CPM - Chartered Portfolio Manager • RBA - Registered Business Analyst • MFM - Master Financial Manager • CMA - Chartered Market Analyst and FAD - Financial Analyst Designate • CRA - Certified Risk Analyst and CRM - Certified in Risk Management • CVM - Certified Valuation Manager • CCC - Certified Cost Controller offered in the Middle East, Europe, Asia and Africa • CCA - Certified Credit Analyst offered in Asia and Middle East Africa • CCA - Chartered Compliance Analyst • CITA - Certified International Tax Analyst (for Lawyers or LLM holders) • CAMC - Certified Anti-Money Laundering Consultant (for Lawyers or LLM holders) • Ch.E. Chartered Economist - For PhDs and Double Masters Degree Holders. • CAPA - Certified Asset Protection Analyst
Examples of occupational fraud and abuse
Common violations include asset misappropriation, fraudulent statements, corruption, pilferage, petty theft, false overtime, using company property for personal benefit, fictitious payroll and sick time abuses.
What is the difference between computer fraud and computer crime?
Computer-based fraud and financial crimes are any defalcation, fraud or financial crime accomplished by tampering with computer programs, data files, operations, equipment, or media, and resulting in losses sustained by the organization whose computer system was compromised. One of the distinguishing characteristics of computer-based fraud is that access occurs with the intent to execute a fraudulent scheme or financial criminal act. Generally, computer crime differs from computer fraud in at least three major ways: 1. Employees, who as a part of their assigned duties and responsibilities, have access to the computer systems, are deemed to have authorized access. As a result, those with authorized access cannot fall under statutes which address computer fraud (outlawing unauthorized access), even if their actions subsequent to access are judged illegal. However, individuals with some authorized access but who exceeded that authorization can be prosecuted under computer-based fraud statutes. Thus, "without authorization" generally refers to intrusions by outsiders or those with no access, but some courts have also applied the term to intrusions by insiders who access computers other than the computer they are authorized to use, intrusions by insiders acting as agents for outsiders, and intrusions by insiders who violate clearly defined access policies. 2. The manipulation, alteration or destruction of data (including computer software) is considered independent of computer-based fraudulent schemes. 3. Because data are intangible, the destruction or compromising of the integrity of computer data does not fall under vandalism statutes.
What role do fraud examination and financial forensic skills have in the corporate governance area?
Corporate governance can play an important role in preventing and detecting financial statement and other types of fraud and corporate malfeasance. Fraud examiners and financial forensic professionals help to identify risks and understand how the organization's internal controls might be exploited during fraud acts.
What are the different types of banks in the U.S. banking system? How are they different?
Different types of banks in the U.S. banking system include: Commercial banks are those with which most people are familiar. Some people have accounts at federal savings banks (also known and savings and loan banks). Offshore banks exist in foreign countries, and it is not uncommon for high net worth U.S. citizens to bank internationally to take advantage of the various banking and tax laws. An investment bank underwrites the securities of companies issuing stocks and bonds to investors. Private banks are established by individuals and businesses to facilitate transactions. Central banks, such as the U.S. Federal Reserve, are responsible for maintaining and protecting the country's currency. Correspondent banks provide banking services for another bank's customers where the other bank does not have a local branch operation or other physical presence. Cyber banks are available on the Internet. Other banking arrangements include credit unions, auto finance companies, bank holding companies and securities brokerages.
What is the discovery process and how does it work?
Discovery is the process by which each side may explore the merits of the other side's arguments by obtaining documentary and testimonial evidence. Any matter or material relevant to the civil action that is not privileged is subject to discovery. Normally discovery may take at least four forms. Initially interrogatories are passed to the opposing council. Interrogatories are questions that require answers and those answers become part of the testimonial record. As such, answers are provided under oath. While interrogatories are one of the least expensive means to obtain evidence from the opposing party, because of an inability to ask follow-up questions except through additional interrogatories, they may not be effective. Opposing parties tend to provide truthful responses yet minimal information. Subsequent to interrogatories opposing parties submit "requests to produce documents" to one another. These requests may include copies of contracts, notes from meetings, calendars, invoices and accounting records of all sorts including general ledgers, trial balances, journal entries, journal entry back-up, financial statements and tax returns. Just about any information that is captured in paper or electronic form is subject to discovery. In very complex cases the review of discovered documents alone can take years. While attorneys and experts can become almost overwhelmed with produced documents, most are remiss to limit the amount of document production for fear of missing that critical piece of paper that blows their case wide open. Third, attorneys start to take sworn testimony from opposing parties in the form of depositions. Depositions that are grounded in the evidence and documents provide very useful information. The format is that the deponent (the person being deposed) provides sworn testimony based on questions developed by opposing council. Assuming that the attorney is well-prepared and accomplished, they can use the deposition exercise to evaluate a number of issues: - How good of a witness will this person be; how good will they come across in front of a jury; can I get this person angry, aggressive, defensive, or emotional? - What is the opposing side's theory of the case; what arguments are they likely to make in court; how deep is the evidence trail behind their theory of the case? - Is their witness making informed statements grounded in the evidence or is this person likely to shoot from the hip? - How does this person react when I propose or suggest my side's theory of the case? Does this person refute my theory with evidence; are they dismissive; are they emotional? Thus, the deposition process not only provides the opportunity to obtain additional evidence it provides a good opportunity, especially with key witnesses including fraud examiners and forensic accounting expert witnesses, to evaluate each side's case and their witness quality. As depositions proceed it is often common for each side to develop additional requests for the production of documents based on deposition testimony of various parties. For example, a former accountant may know of the existence of a box of records in a storage area that was previously overlooked in a prior request for the production of documents. The fourth and last stage of discovery is an attempt by counsel to get the other side to agree to certain basic aspects and facts of the case through "requests for admission." This process helps determine what issues are points of contention as the trial approaches, and what points can be agreed upon by both sides. Thus, a request for admission attempts to narrow the scope of the trial to its essential points of contention.
Is earnings management considered fraud?
Earnings management involves deliberate actions by management to meet specific earnings objectives, generally, for private gain. Managing earnings is a fraud, whether or not material. The primary issue is whether the independent auditor or forensic accountant has clear and convincing evidence that demonstrates that earnings, in fact, have been managed.
Which types of economic damages are related to computer crimes?
Economic losses associated with computer crimes may include: • Costs to respond to the damage caused by the perpetrator • Damage assessments • Restoration of data or programs • Wages of employees for these tasks • Lost sales from websites • Lost advertising revenue from websites • Losses might also include o Harm to reputation or goodwill o Other reasonable costs associated with the act
Give examples of non-fraud forensic and litigation advisory engagements
Engagements may be criminal, civil, or administrative cases that involve economic damage claims, workplace or matrimonial disputes, or asset and business valuations
Describe corporate governance breakdowns in the facilitation of Enron's fraudulent acts.
Enron had weak board oversight, inappropriate executive compensation incentives, and failed to recognize potential ethical issues before they became legal issues.
Discuss alternative courses of action in the Enron case within the framework of appropriate ethical conduct.
Enron's board members should not have accepted gifts that might compromise their judgment or be perceived as a conflict of interest. In addition, after a company's board approves certain policies and procedures, everyone should be held to the same standards. This, along with full disclosure on the part of Enron's senior management, would have set an entirely different ethical "tone" for the rest of the employees in the organization.
Identify ethical issues, conflicts of interest, and non-compliance with corporate policies and procedures in the Enron case.
Ethical issues - While the employees and shareholders at Enron were reassured by the company's executives that their investments in Enron were safe, the executives themselves were selling their own shares of Enron stock. Conflict of interest - Audit committee members accepted gifts from Enron to the organizations at which they were employed. Non-compliance with corporate policies and procedures - The Enron board waived the company's own ethics code requirements to allow its CFO to serve as general partner for the partnerships it was using as a conduit for most of its off-balance sheet transactions.
How is materiality determined?
FASB 2 defines materiality as the "magnitude of an omission or misstatement of accounting information that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement." Thus, the auditor must apply judgment related to materiality and that judgment has an impact on the information presented in the financial statements. Further, auditors rely not only on financial assessments, they also consider various qualitative factors such as whether they have discovered fraud in prior audits or there are allegations of illegal acts or fraud. Generally, illegal acts have no materiality threshold and require that auditors pay close attention to their nature and corresponding consequences to the company.
What are the factors that affect the decision to prosecute an entity?
Factors that affect the decision to prosecute an entity are similar to those for individual prosecution and include the sufficiency of evidence, likelihood of success at trial, probability of deterrence and rehabilitation, and adequacy of non-prosecutorial remediation options. Other factors are also considered: • Nature and seriousness of offense • Corporation's history • Timely and voluntary disclosure • Willingness to cooperate • Corporate compliance program • Corporate remedial action(s) • Replace management • Discipline / terminate wrongdoers • Pay restitution • Cooperate • Disproportionate harm to employees, shareholders, pensioners • Adequacy of prosecution for individuals • Adequacy of other remedies: civil, regulatory Consistent with the remainder of the criminal justice system prosecutors have wide discretion in these types of situations.
In the criminal justice system, how is probation different from parole?
Probation is a penalty and is used as an alternative to prison, whereas parole is used to describe the corrections process subsequent to having served time in prison. Parole is often used as a reward for good behavior during time served.
What is the role of research in the fraud examination and financial forensics professions?
Research drives professional innovation. Practitioners in the field implement the products of research (concepts, ideas, theories and evidence) by applying, testing and refining theory and research findings in the "real world." Finally, educators create learning frameworks through which students benefit from the combined efforts of practice and research. For fraud examination and forensic accounting to be a viable specialization over the long term, research opportunities and recognition are required to take the profession to the highest levels.
What are the three major types of negotiated remedies and how do they differ?
The three major forms of negotiated remedies are: out-of-court settlements, arbitration and mediation. Out-of court settlements occur when both sides come to a realistic settlement position after critical examination of their clients, the evidence, the qualities of their fact witnesses, the strength of their expert opinions, and other important aspects of the case. Assuming that the two sides are reasonably close the attorneys will confer with their clients and negotiate with the opposing attorney. This process can take weeks or months and may even start during the deposition phase. Normally a negotiated settlement will not be achievable prior to the end of, or near the end of, discovery. If a negotiated settlement between opposing attorneys in concert with their clients does not work, a second approach is mediation. In this environment an independent, objective mediator will work with both sets of opposing counsel to help reach a settlement between the two (and their clients). The mediator does not decide who should win but his responsibility is to assist both sides to more objectively assess the merits of their case and work toward a mutually agreeable resolution. Since the mediator has no authority on which to decide cases, any settlement is voluntary on the part of the opposing parties. A third possibility is arbitration. Like a mediator an arbitrator is an independent, trusted third party who has the authority to determine the outcome of the case. Thus the arbitrator acts like the judge and jury, listening to the primary aspects of each side's case, and deciding what he or she believes to be the most appropriate outcome based on the merits of the cases presented. Arbitration may be binding, meaning that the "verdict" of the arbitrator is final; or non-binding. Even a non-binding "verdict" may bring the parties closer together and may result in an out-of-court settlement because of the ability of the arbitrator to independently and objectively evaluate the merits of each side's case.
According to chapter 2, what employment trends are expected for professionals in the fields of fraud examination and financial forensics? Why?
There is a growing demand for forensic and litigation advisory services related to damages, divorce, valuations, construction delays, antitrust, lost wages, business interruption, intellectual property infringement, insurance claims, environmental issues, tax evasion, wrongful death, reconstruction, and litigation consulting. Anticipated growth in the field is expected to be nearly 25% over the next 10 years.
Why are today's viruses more difficult to detect?
Today's viruses are often well hidden and used to steal information without the user's knowledge.
How do computer viruses work?
Viruses are hidden computer programs that use computer resources or other computer activities in such a way as to shut down the system or slow it down significantly. Computer viruses typically use the infected computer's resources to replicate itself and spread the infection to other computer systems on a network or through the Internet via e-mail, text messages, or other electronic medium.
