Flashcards in Fraud Considerations Deck (12):
What are the 3 Classifications of Fraud on the Association of Certified Fraud Examiners (ACFE)'s "Fraud Tree"?
(1) Corruption schemes
(2) Asset misappropriation schemes
(3) Fraudulent statement schemes
What are 3 conditions present when Fraud occurs or "Fraud Triangle"?
1. Incentive/Pressure - Reason to commit fraud, something personal that motivates person to commit fraud
2. Opportunity - Absence of controls, ineffective controls, or ability of mgmt to override controls, person in a position of trust or of tenure
3. Rationalization - Mental process to justify why fraudster NOT committing a crime
What are examples of when "Opportunities" are increased to commit Fraud?
- Large amts of cash on hand or processed
- Inventory items small in size, high value or high demand
- Easily convertible assets, like bearer bonds, diamonds, or computer chips
- Fixed assets small in size, marketable, or lacking observable ID of ownership
Describe the steps of using IT Skills in Fraud Investigations:
(1) Evaluate Relevant Systems and Software
(2) Evaluate IT Antifraud Controls
(3) Examine Logical Access
(4) Observable Digital Data Sources
(5) Nonobservable Digital Data Sources
What is AU316?
- AU316 (codification of SAS 99), “Consideration of Fraud in FS Audit”
- Describes process where auditors assess RMM related to fraud
- Describes factors that s/b present throughout audit
- Applying this standard s/b the best way to assess RMM related to fraud in FS audit.
What is the definition of "Fraud" according to AU316.05 SAS 99?
- Fraud is an intentional act that results in a material misstatement in FS that are subject of audit
When is "Data Mining and Analysis" beneficial in a fraud investigation?
1. When events or transactions are large in volume w/in which potential evidence of fraudulent events or transaction exists (ability to isolate or ID fraud transactions become difficult to do manually)
2. When paper documents large in volume but same info exists in data
3. When multiple and disparate systems are used (often purposely designed to obfuscate a fraud)
4. When data mining and analysis clearly more efficient than alternative substantive or manual detective/investigation procedures
What is "Observable Data"?
- Data easily observed in electronic form on electronic devices, through O/S, apps and other interfaces
What is "Nonobservable Data" and give examples?
- Data sometimes not known to users and not in transactional data
- Ex: Metadata, latent data
What is the meaning of the slang term "back door"?
- Access to data or applications via bypassing the normal access controls interfaced w/ networks and apps, and accessing them via O/S controls
- Without proper O/S access controls, employee, esp a mgr, could have “keys to the kingdom”
- Missing or weak O/S controls allow person to gain access to all databases and/or apps
What is "Latent Data"?
- Latent data is undiscovered, concealed, misplaced, missing or hidden data on disk drives not converted to observable info.
- Data is usually not accessible by apps.
- Latent data is very fragile and subject to loss by its nature.
- A type of nonobservable data
• Deleted files (can be recovered)
• Slack space (download temp files stored there)
• RAM data (if computer is powered up)
• Temporary files (from application processes)
• Windows swapped files
• Stored printer images