Forensics relates to information suitable for courts of law and for public discussion.
[Source: Sawyer’s Internal Auditing, 6th Edition]
Forensic auditing is the application of special skills in accounting, auditing, finance, quantitative methods of law, and investigative skills to collect, analyse and evaluate evidential matter and to interpret and communicate findings.
Forensic accounting is focused upon the identification, interpretation, and communication of the evidence of economic transaction and reporting events. The ultimate goal of a forensic accountant is to communicate an analysis of the evidence of particular economic transactions or reporting events, within some legal framework, so that it is understood and accepted as fact with “scientific certainty;” that is, to present “a legally accurate accounting.” In short, forensic accountants are employed to seek, interpret, and communicate transactional and reporting event evidence in an objective, legally sustainable fashion, not only in situations where there are specific allegations of wrongdoing, but also in situations where interested parties judge that the risk of loss from wrongdoing is such that proper prudence requires legally sustainable evidence to support a realistic conclusion that no wrongdoing is occurring.
The fundamental procedural protocols of forensic accounting relate to the discovery (identification), analysis (interpretation), and communication (presentation) of the evidence of economic transaction and reporting event occurrence and ownership (valuation and accountability) within the established evidentiary standards of the appropriate legal framework. Analysis includes the crucial aspect of recognising the implications of evidence that has been obtained.
The prevalence of fraud is a significant and sensitive concern in both the public and private sectors, which has been intensified by the modern dependence on computers and the increasing volumes of transactions being processed every day. In any organisation which processes thousands of transactions a year, the sheer volume of transactions often defeats the efforts of the staff to identify and prevent fraudulent events. However, if the computer data records contain sufficient detail of the payments and payees, a computerised data-mining review helps greatly to filter the mass of information, and to identify “suspicious” transactions and potential collusion for further investigation. While this process will not necessarily identify every single extant case of fraud, it does facilitate the fraud detection processes by allowing the client to focus their available investigative resources directly on the most likely incidences. In addition to detecting probable cases of fraud, data-mining studies are also valuable in identifying weaknesses in computerised internal control systems, and in facilitating the recovery of funds invalidly paid away.
All organisations are exposed to fraud risk in any process where human involvement is required. An organisation’s exposure to fraud is a function of the fraud risks inherent in the business, the extent to which effective internal controls are present either to prevent or detect fraud, and the honesty and integrity of those involved in the process.
Fraud can occur at various levels in an organisation; therefore, it is important to establish appropriate preventative and detective techniques. Although fraud prevention and detection are related concepts, they are not the same. Fraud prevention entails implementing policies and procedures, employee training, and management communication to educate employees about fraudulent activities. On the other hand, fraud detection entails activities and programs designed to identify fraud or misconduct that is occurring or has occurred. The inter-relationship between fraud prevention, detection, and investigation is shown in the chart below.
Organisations investigate for possible fraud when there is a concern or suspicion of wrongdoing within the organisation. Suspicions can result from a formal complaint process, informal complaint process such as tips, or an audit, including an audit designed to test for fraud. Investigating a fraud is not the same as auditing for fraud, which is an audit designed to proactively detect indications of fraud in those processes or transactions where analysis indicates the risk of fraud to be significant.
A fraud investigation consists of gathering sufficient information about specific details and performing those procedures necessary to determine whether fraud has occurred, the loss of exposures associated with the fraud, who was involved, and how it happened. An important outcome of investigations is that innocent persons are cleared of suspicion.
Investigations attempt to discover the full nature and extent of the fraudulent activity, not just the event that may have initiated the investigation. Investigation work includes preparing, documenting, and preserving evidence sufficient for potential legal proceedings.
Internal auditors, lawyers, investigators, security personnel, and other specialists from inside or outside the organisation usually conduct or participate in fraud investigations.
ORCA can offer expert experience and assistance in Fraud Risk Assessment, Fraud Prevention and Detection, and Forensic Investigations.