The term “fraud” according to the Institute of Chartered Accountants of India (ICAI) refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.
Although fraud is a broad legal concept, the auditor is concerned with fraudulent acts that cause a material misstatement in the financial statements. Misstatement of the financial statements may not be the objective of some frauds. Auditors do not make legal determinations of whether fraud has actually occurred.
Fraud involving one or more members of management or those charged with governance is referred to as “management fraud”; fraud involving only employees of the entity is referred to as “employee fraud”. In either case, there may be collusion with third parties outside the entity.
Fraud and Error:
Institute of Chartered Accountants of India (ICAI) opines that the distinguishing factor between fraud and error is whether the underlying action that results in the misstatement in the financial statements is intentional or unintentional.
Unlike error, fraud is intentional and usually involves deliberate concealment of the facts. While the auditor may be able to identify potential opportunities for fraud to be perpetrated, it is difficult, if not impossible, for the auditor to determine intent, particularly in matters involving management judgment, such as accounting estimates and the appropriate application of accounting principles.
Reasons of fraud:
- Insufficient or missing controls
- Ignoring internal audit controls
- Conspiracy among conmen and employees
- Decline of moral principles and ethical values
- Placing too much trust in key employees
- Lack of proper procedures for authorization of transactions
- No separation of authorization of transactions from the custody of related assets
- Lack of independent checks on performance
- No separation of duties between accounting functions
- Lack of clear lines of authority and responsibility
- Department that is not frequently reviewed by internal auditors
Ways of fraud detection:
Collusion or the fact that that top management is very frequently involved in fraud makes it complicated to detect fraud. Various ways through which fraud can be detected are:
- Fraud detection by whistleblowing hotlines: A whistleblowing hotline is a channel that allows employees and others to confidentially alert an organization about suspicions of misconduct. It is an important tool for reducing risks and building trust as it enables managers to detect and act on possible misconduct at an early stage.
- Fraud detection by tip lines: An anonymous tip line (or website or hotline) is one of the most effective ways to detect fraud in organizations. In fact, tips are by far the most common method of initial fraud detection
- Fraud detection by external auditors: As per SA 240, Consideration of Fraud in a Financial Statement Audit requires that financial statement auditors conduct their audits in such a way so as to obtain reasonable assurance that financial statements are free from material misstatement, whether caused by fraud or error.
- Fraud detection by internal auditors: internal auditor is concerned with all fraud rather than just the fraud that impacts the financial statements. As such, an internal auditor will likely discover some frauds as a routine part of internal auditing work. Further, an internal auditor plays a key role in developing a system of fraud indicators, so that suspicious activities are flagged and investigated.
- Fraud detection by dedicated departments: Many organizations have departments devoted to information security and fraud detection. For example, a bank may have an internal security department (i.e., loss management department) devoted to customer account fraud.
Investigation:
Investigation is a vital part of forensic accounting and auditing process but only applied when the event or transaction is beclouded. It is carried out when lapse has been established to ascertain who is responsible, the reason for the action including the extent of damage if any. It could be referred to as a detailed verification and clarification of doubt about a transaction or event.
An investigation process comprises following activities:
- Determination of Nature and Scope: The instructions of the client regarding the nature, scope and objective should be obtained in certain and unambiguous terms. The instructions should cover the area of the investigation, the purpose of investigation and the period to be investigated.
- Conduct of Investigation: The investigator may correlate all his findings, analyze all the supporting documents and statements, thoroughly examine the investigation records and draw conclusions. While doing so, he must have an open mind, free from pre-conceived notions. The investigator shall maintain, an exhaustive record of work done, evidences examined, important discussions held etc., as evidence for the investigation conducted. The record maintained by the investigator along with the supporting documents may form the basis for formulation of conclusion and preparation of the investigation report.
- Evidence collection: All information collected needs to be kept confidential, protected against being destroyed. Investigation should comply with applicable laws and rules regarding collecting the information and interviewing witnesses. According to ACFE evidence collection includes internal documents, such as – personal files, internal phone records, computer files and other electronic sources, email, financial records, security camera videos, physical and IT systems access records and external records comprise e.g. public records, customer/vendor information, media reports, information held by third parties, private detective records, computer forensic examination. After gathering of evidence, all information will be analyzed.
- Findings summarized in a written- form protocol: The investigator may correlate all his findings, analyze all the supporting documents and statements, thoroughly examine the investigation records and draw conclusions. While doing so, he must have an open mind, free from pre-conceived notions
ABOUT US
DPNC Global LLP is a full service consulting firm providing multi-disciplinary services to clients ranging from MNCs, Indian Corporates from across industries to Family Offices and UHNIs, both in and outside India.
Our Risk Advisory Services (RAS) team offers solutions to help organizations and their management to effectively balance risk management, governance and compliance while moving towards their short-term and long-term strategic goals. Our team comprises a group of qualified and experienced professionals with in-depth knowledge and specialization in risk advisory services including for conducting Internal Audits, developing Standard Operating Procedures etc. We leverage our knowledge of industry best practices and domains across organizations of all sizes and sectors to streamline and develop systems, processes & solutions that are tailored to be suitable for our clients. To know more about our services in Risk Advisory Services, visit https://dpncglobal.com/risk-advisory/
DISCLAIMER:
The information contained herein is in summary form based on information available on public domain and research. While the information is believed to be accurate to the best of our knowledge, we do not make any representations or warranties, express or implied, as to the accuracy or completeness of this information. Recipients should conduct and rely upon their own examination and analysis and are advised to seek their own professional advice. This note is not an offer, invitation, advice or solicitation of any kind. We accept no responsibility for any errors it may contain, whether caused by negligence or otherwise or for any loss, howsoever caused or sustained, by the person who relies upon it.