The following are examples of risk factors relating to misstatements arising from fraudulent financial reporting.

INCENTIVES/PRESSURES
• Financial stability or profitability is threatened by economic, industry, or entity operating conditions.
• Excessive pressure exists for management to meet the requirements or expectations of third parties.
• Information available indicates that the personal financial situation of management or those charged with governance is threatened by the entity’s financial performance.
• There is excessive pressure on management or operating personnel to meet financial targets established by those charged with governance, including sales or profitability incentive goals.

An auditor oversight body should establish a process for performing regular reviews of audit procedures and practices of firms that audit the financial statements of listed public companies.

Matters to be considered include:
a) Independence, integrity and ethics of auditors
b) Objectivity of audits
c) Selection, training, and supervision of personnel
d) Acceptance, continuation, and termination of audit clients
e) Audit methodology
f) Audit performance, that is, compliance with applicable generally accepted auditing standards
g) Consultation on difficult, contentious or sensitive matters and resolution of differences of opinion during audits
h) Second partner reviews of audits
i) Communications with management, supervisory boards and audit committees of audit clients
j) Communications with bodies charged with oversight over the financial reporting process, for example, on matters such as regulatory inquiries, changes in auditors, or other matters as may be required
k) Provisions for continuing professional education.

Risk factors that relate to misstatements arising from misappropriation of assets are also classified according to the three conditions generally present when fraud exists: incentives/pressures, opportunities, and attitudes/rationalisation.

The International Organisation of Securities Commissions (IOSCO) is an international association of securities regulators that was created in 1983.
The objectives of the Organisation’s members are:
• To cooperate together to promote high standards of regulation in order to maintain just, efficient, and sound markets;
• To exchange information on their respective experiences in order to promote the development of domestic markets;
• To unite their efforts to establish standards and an effective surveillance of international securities transactions;
• To provide mutual assistance to promote the integrity of the markets by a rigorous application of the standards and by effective enforcement against offenses.

The risk factors relating to misstatements arising from fraudulent financial reporting.

OPPORTUNITIES
• The nature of the industry or the entity’s operations provides opportunities to engage in fraudulent financial reporting.
• The monitoring of management is not effective.
• There is a complex or unstable organisational structure.
• Internal control components are deficient.

Fraud perpetrated to the detriment of the organisation is conducted generally for the direct or indirect benefit of an employee, outside individual, or another organisation. Some examples are:
• Acceptance of bribes or kickbacks.
• Diversion to an employee or outsider of a potentially profitable transaction that would normally generate profits for the organisation.
• Embezzlement, as typified by the misappropriation of money or property, and falsification of financial records to cover up an act, thus making detection difficult.
• Intentional concealment or misrepresentation of events, transactions, or data.
• Claims submitted for services or goods not actually provided to the organisation.
• Intentional failure to act in circumstances where action is required by the company or by law.
• Unauthorised or illegal use of confidential or proprietary information. Unauthorised or illegal manipulation of information technology networks or operating systems.
• Theft.

The PIOB oversees IFAC’s Public Interest Activity Committees (PIACs) comprising the International Auditing and Assurance Standards Board, International Accounting Education Standards Board, International Ethics Standards Board for Accountants, their respective Consultative Advisory Groups, and the Compliance Advisory Panel (CAP).

Examples of fraud designed to benefit the organisation include:
• Improper payments, such as illegal political contributions, bribes, and kickbacks, as well
as payoffs to government officials, intermediaries of government officials, customers, or suppliers.
• Intentional and improper representation or valuation of transactions, assets, liabilities, and income, among others.
• Intentional and improper transfer pricing (e.g., valuation of goods exchanged between related organisations). By purposely structuring pricing techniques improperly, management can improve their operating results to the detriment of the other organisation.
• Intentional and improper related-party activities in which one party receives some benefit not obtainable in an arm’s-length transaction.
• Intentional failure to record or disclose significant information accurately or completely, which may present an enhanced picture of the organisation to outside parties.
• Sale or assignment of fictitious or misrepresented assets.
• Intentional failure to act in circumstances where action is required by the company or by law.
• Intentional errors in tax compliance activities to reduce taxes owed.

The objective of the international Public Interest Oversight Board (PIOB) is to increase the confidence of investors and others that the public interest activities of the International Federation of Accountants.

The PIOB was formally established in February 2005 to oversee IFAC’s auditing and assurance, ethics, and education standard-setting activities.

The establishment of the PIOB is the result of a collaborative effort by the international financial regulatory community, working with IFAC, to ensure that auditing and assurance, ethics, and educational standards for the accounting profession are set in a transparent manner that reflects the public interest.

In 2004, IOSCO in cooperation with a group of other international organisations, developed a Survey on Regulation and Oversight of Auditors. The goal of the Survey was to obtain a point-in-time description of the structures and processes in place in 2004 for regulation and oversight of auditing around the world, to serve as baseline information for regulators and oversight bodies and other organisations that are working to enhance auditor oversight and international audit quality.

The INTOSAI Auditing Standards Committee produced a restructured version of the Auditing Standards, which was approved by the XVIIth Congress of INTOSAI in Seoul 2001. The restructured INTOSAI auditing standards consist of five parts:
• Basic Principles
• General Standards
• Standards with Ethical Significance
• Field Standards
• Reporting Standards

The International Organisation of Supreme Audit Institutions (INTOSAI) is an autonomous, independent, and non-political organisation. It is a non-governmental organisation founded in 1953, with special consultative status with the Economic and Social Council (ECOSOC) of the United Nations.

The PIOB is based in Madrid, Spain, where it operates as La Fundación Consejo Internacional de Supervisión Público en Estándares de Auditoría, Ética Profesional y Materias Relacionadas, a non-profit Spanish foundation.

The following are some control elements of a fraud prevention program presented within the COSO control framework as an example.
1. Control environment. Companies must establish an appropriate control environment that includes:
• A code of conduct, ethics policy, or fraud policy to set the appropriate tone at the top.
• Ethics and whistleblower hotline programs to report concerns.
• Hiring and promotion guidelines and practices.
• Oversight by the audit committee, board, or other oversight body.
• Investigation of reported issues and remediation of confirmed violations.

The Committee of Sponsoring Organisations (COSO) of the Treadway Commission’s Enterprise Risk Management—Integrated Framework provides a useful model that includes sections on:
• Event identification, such as brainstorming activities, interviews, focus groups, surveys, industry research, and event inventories.
• Risk assessments that include probabilities and consequences.
• Risk response strategies, such as treating, transferring, tolerating, or terminating risk.
• Control activities, such as linking risks to existing anti-fraud programs and control activities, and validating their effectiveness.
• Monitoring, including audit plans and programs that consider residual fraud and risk due to misconduct.

Monitoring and detection controls include:
• Installing alarm systems on facility doors and windows
• Installing surveillance cameras
• Designing edit checks into information systems
• Performing inventory counts
• Auditing
• Reviewing and approving invoices and cost centre charges
• Reconciling accounts

Internal auditors must exercise due professional care by considering the:
• Extent of work needed to achieve the engagement’s objectives;
• Relative complexity, materiality, or significance of matters to which assurance procedures are applied;
• Adequacy and effectiveness of governance, risk management, and control processes;
• Probability of significant errors, fraud, or noncompliance; and
• Cost of assurance in relation to potential benefits.

The Public Interest Oversight Board comprises individuals from a number of professions and all branches of regulation. Its ten members were nominated by the International Organisation of Securities Commissions, the Basel Committee on Banking Supervision, the International Association of Insurance Supervisors, the World Bank, and the European Commission.

Investigator’s Role (Whether Assigned to Internal Auditing or Elsewhere)
The plan should consider methods to:
• Gather evidence, such as surveillance, interviews, or written statements.
• Document the evidence, considering legal rules of evidence and the business uses of the
evidence.
• Determine the extent of the fraud.
• Determine the scheme (techniques used to perpetrate the fraud).
• Evaluate the cause.
• Identify the perpetrators.

Responsibilities of The PIOB:
• Reviews and approves Terms of Reference for these entities;
• Evaluates the boards’ due process procedures;
• Oversees the work of IFAC’s Nominating Committee and approves the committee’s nominations to the standard-setting boards and the CAP; and
• Suggests projects to be added to the boards’ work programs.

The internal audit activity must assess and make appropriate recommendations for improving the organisation’s governance process in its accomplishment of the following objectives:
• Promoting appropriate ethics and values within the organisation;
• Ensuring effective organisational performance management and accountability;
• Communicating risk and control information to appropriate areas of the organisation;
• Coordinating the activities of and communicating information among the board, external and internal auditors, and management.

The internal audit activity must evaluate risk exposures relating to the organisation’s governance, operations, and information systems regarding the:
• Reliability and integrity of financial and operational information.
• Effectiveness and efficiency of operations.
• Safeguarding of assets; and
• Compliance with laws, regulations, and contracts.

Certified Fraud Examiners are not normally responsible for the initial detection of fraud; instead, Certified Fraud Examiners usually become involved after sufficient predication exists. Certified Fraud Examiners commonly supervise or direct a fraud examination or investigation.

Fraud in financial statements typically takes the form of:
• Overstated assets or revenue
• Understated liabilities and expenses

Some of the more common reasons why people commit financial statement fraud include:
• To encourage investment through the sale of stock.
• To demonstrate increased earnings per share or partnership profits interest, thus allowing increased dividend/distribution payouts.
• To cover inability to generate cash flow.
• To dispel negative market perceptions.
• To obtain financing, or to obtain more favourable terms on existing financing.
• To receive higher purchase prices for acquisitions.
• To demonstrate compliance with financing covenants.
• To meet company goals and objectives.
• To receive performance-related bonuses.

The five classifications of financial statement schemes are:
• Fictitious revenues
• Timing differences
• Improper asset valuations
• Concealed liabilities and expenses
• Improper disclosures

The responsibilities of Certified Fraud Examiners are to:
• Help resolve allegations of fraud, from inception to disposition
• Obtain evidence
• Take statements
• Write reports of fraud examinations
• Testify to findings
• Assist in fraud detection and prevention

Revenue should generally be recognised in the accounting records when the following four criteria have been satisfied:
• Persuasive evidence of an arrangement exists;
• Delivery has occurred or services have been rendered;
• The seller’s price to the buyer is fixed or determinable; and
• Collectability is reasonably assured.

Improper asset valuations usually take the form of one of the following classifications:
• Inventory valuation
• Accounts receivable
• Business combinations
• Fixed assets

Common methods for concealing liabilities and expenses include:
• Liability/expense omissions
• Capitalised expenses

The objectives of the auditor, as outlined in ISA 240, are:
a) To identify and assess the risks of material misstatement of the financial statements due to fraud;
b) To obtain sufficient appropriate audit evidence about the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; and
c) To respond appropriately to identified or suspected fraud.

A company employee might submit the following false information to obtain unlawful financial gain:
• Improper medical information to obtain a better insurable rate for the prospective policyholder (for example, standard to preferred rate)
• Improper date of birth to obtain a cheaper premium on the new policy
• Improper home address to obtain a cheaper premium for home or automobile insurance
• Improper driving history prior to purchasing automobile insurance to reduce the annual premium or obtain insurance where the individual would normally have to apply through the risk pool.

It is not uncommon in construction financing to have a budget line item for developer overhead (also called general conditions). This is a ripe area for abuse. The purpose of developer overhead is to supply the developer with operating capital while the project is under construction. This overhead allocation should not include a profit percentage, as the developer realizes profit upon completion. In essence, the overhead budget is as if the lender is making two types of loans: a real estate loan and a working capital loan for the overhead. Unfortunately, there is seldom, if ever, any separate underwriting for the overhead portion. The overhead is merely added as a construction cost, whose ultimate collateral is the property and not some other short-term collateral. Historically, troubled construction loans or foreclosures due to fraud have been totally disbursed in the developer overhead category.

Complaints of consumer fraud can be found as far back as the first century when Pliny the Elder told of the adulterated honey being sold in Rome and the mixing of wine with gypsum, lime, pitch, rosin, wood ashes, salt, sulfur, and other artificial additives. Schemes against consumers range from home repair frauds to more sophisticated scams. Fraud is notably common in the repair and service industries. Home repair fraud, frequently perpetrated against the elderly, ranges from the sale or use of substandard materials—such as roofing—to securing payment without doing any work at all. Automobile repairs often involve fraudulent acts. One study maintained that 53 cents of every “repair” dollar were wasted because of unnecessary work, overcharging, services never performed, or incompetence.

Skimming can sometimes be detected by reviewing and analyzing all journal entries made to the cash and inventory accounts. Journal entries involving the following topics should be examined:
• False credits to inventory to conceal unrecorded or understated sales
• Write-offs of lost, stolen, or obsolete inventory
• Write-offs of accounts receivable accounts
• Irregular entries to cash accounts

The following is a list of typical financial statements:
1. Statement of financial position (“balance sheet”).
2. Statement of profit or loss and other comprehensive income for the period (“income statement”).
3. Statement of changes in owners’ equity or statement of retained earnings.
4. Statement of cash flows.

Shell Entities:
Money launderers often use shell entities to purchase real estate with illicit funds. Generally defined, shell entities are organizations without active business or significant assets, and they can take the form of limited liability companies, trusts, business trusts, corporations, and other legal entities. Because there is a lack of transparency in the formation of shell entities, money launderers often use them to hide the identity of the true owner, the source of the money, or the destination of the money.

Using a Front Business to Launder Funds:

One of the most common methods of laundering funds is to filter the money through a seemingly legitimate business, otherwise known as a front business. A front business can be a very effective way to launder money for a number of reasons. Front businesses provide a safe place for organizing and managing criminal activity, where the comings and goings of large numbers of people will not arouse undue suspicion. In addition, a front that conducts legitimate business provides cover for delivery and transportation related to illegal activity. The expenses from illegal activity can be attributed to the legitimate enterprise, and the illegal revenues can be easily placed into the enterprise.

Internal Controls:

Management must also analyze their organization’s internal controls and enhance them as necessary to eliminate procurement risks. Key internal controls include, but are not limited to:

• Separation of duties
• Supervisory controls
• Receiving controls
• Authorization/approval controls
• Reconciliation controls
• Recording controls

Labor costs are made up of direct labor charges to the contract and indirect labor charges allocated to the contract through a factor or rate. Direct labor charges are contract costs identified specifically with a contract. In general, direct labor costs are calculated by multiplying all project hours with the labor rates, which are based on actual employee wages or represent wages paid, and they are summarized for all employees within the applicable allocation unit. Indirect labor costs are those identified in two or more cost objectives.

Sales Skimming

The most basic skimming scheme occurs when an employee sells goods or services to a customer and collects the customer’s payment, but makes no record of the sale. The employee simply keeps the money received from the customer instead of turning it over to his employer. (See the “Unrecorded Sales” flowchart.)

Fictitious Refunds or Voided Sales

Fictitious refunds or voided sales can often be detected when closely examining the documentation submitted with the cash receipts.

• One detection method is to evaluate the refunds or discounts given by each cashier or salesperson. This analysis might point out that a single employee or group of employees has a higher incidence of refunds or discounts than others. Further examination is then necessary to determine if the refunds are appropriate and properly documented.
• Signs in the register area asking customers to ask for and examine their receipts employ the customer as part of the internal control system. This helps ensure that the cashier or salesperson is properly accounting for the sale and prevents employees from using customer receipts as support for false void or refunds.
• Random service calls to customers who have returned merchandise or voided sales can be used to verify the legitimacy of transactions.

The current ratio—current assets to current liabilities—is probably the most commonly used ratio in financial statement analysis. This comparison measures a company’s ability to meet present obligations from its liquid assets. The number of times that current assets exceed current liabilities has long been a quick measure of financial strength.

In detecting fraud, this ratio can be a prime indicator that the accounts involved have been manipulated. Embezzlement will cause the ratio to decrease, and liability concealment will cause a more favorable ratio.

Mobile phone forensics refers to procedures used to capture mobile data in order for the data to be admissible in court. Companies use forensics on the mobile phone to determine if a client system has been used in breach of its policies of use.

The following considerations should be made:
. The fraud investigator should not move through the system quickly because this will probably change the information of the system.
. If a computer is secured by password or locked, it could be stopped from subsequent access.
. A computer that is switched on could connect with the network, which will cause data changes, should be disconnected from the network by the fraud examiner.

Two basic types of evidence are available: direct and circumstantial. The facts at the problem are shown prima facie (based on the first impression) by direct evidence; it directly demonstrates the facts.
Circumstantial evidence is proof that tends to indirectly, by inference, demonstrate or disprove facts in question.

A litigation holding relates to the measures that an organization takes to notify employees when they need to maintain data occurs to stop the destruction of possibly appropriate documents.

When the structural pressure to commit fraud exists, a firm often cannot unite its agents in such activities. At least three factors prevent such unity.
First, the pressure to commit fraud might not affect departments in a company equally.
Second, even in high-pressure departments, some employees will not know the difficulty of obtaining needed resources.
In other words, an employee usually needs a high degree of responsibility for a company’s success, as well as the ability to bring about those goals, before a chance to engage in misbehavior can occur.

Risk assessment involves a risk management plan, ethical adaptation, management services to the organization’s requirements, and identification and review of operational financial and regulatory threats.

The following are examples of data analysis queries that can be performed to detect fraud through the examination of sales information:

– Create a report of all system overrides and sales exceptions.
– Analyze returns and allowances by store, department, or other areas.
– Summarize trends by customer type, products, salesperson, etc.
– Compare ratios of current sales to outstanding receivables or other variables.
– Generate reports on a correlation between product demand or supply and sales prices.

An investigation technique designed to obtain evidence by the use of agents whose true intentions are not communicated to the target is known as a covert operation. With proper planning and precautions, a covert operation can prove very beneficial to an investigation.

In surveillance operations, the agent makes use of observation to gather information about individuals suspected of misconduct. Bill would be carrying out a surveillance operation when he observes a suspect from afar while he meets with a potential co-conspirator.

The phrase “garbage in, garbage out” is applicable in the preparation phase. Before running tests on the data, the fraud examiner must make certain the data being analyzed are relevant and reliable for the objective of the engagement. This is done during the preparation phase.

A transaction identified by a data analysis test as an anomaly within the data set even though it is not actually a fraudulent transaction is known as a false positive. Such results can occur for various reasons.

The portion of the cognitive interview in which the investigator seeks to track down who was involved and obtain specific details about the suspect is known as the specific-detail phase. In this phase, the investigator seeks to get additional information about the event by asking the witness to describe the suspect with specific details.

The form that documents the fact that permission was given to the fraud examiner by an individual to record specific conversations is known as the consent to record form. The consent to record form must be signed and witnessed.

Operating and file system experts are proficient in certain operating systems and the various file systems they employ. Operating and file systems experts also have the ability to convey operational characteristics and observe artifacts.

Deleted files are recoverable until they are overwritten because data is not erased from a computer’s hard drive until it is overwritten. A deleted file will remain present on a hard drive until the operating system overwrites all or some part of the file. So, deleted files are generally no longer recoverable when they have been overwritten.

Operating and file system experts are proficient in certain operating systems (e.g., Windows Vista, Windows 7, Windows 10, Linux) and the various file systems they employ (e.g., Joliet, NTFS, FAT, VFS, Ext2). Operating and file systems experts also have the ability to convey operational characteristics and observe artifacts.

Spoliation is broadly defined as the act of intentionally or negligently destroying documents relevant to litigation.