What Is a 'Forensic Audit'?
A forensic audit is an examination and evaluation of a company's financial information or a firm's or individual's financial information for use as evidence in court. A forensic audit can be conducted in order to prosecute a party for fraud, embezzlement or other financial claims. In addition, an audit may be conducted to determine negligence or even to determine how much spousal or child support an individual will have to pay.
Breaking Down 'Forensic Audit'
Forensic auditing is a specialization within the field of accounting, and forensic auditors often provide expert testimony during trial proceedings. Most large accounting firms have a forensic auditing department.
The audit covers a wide range of investigative activities performed by accountants. The process may also include serving as an expert witness in a fraud trial. A forensic audit could also cover situations that do not involve fraud or embezzlement, such as disputes related to a bankruptcy, business closures, and divorces.
What Is The Difference Between a Financial Audit And Forensic Audit?
Engaging an audit is an important strategy to run a business, and all business-owners should know to identify the times when an audit is needed. However, forensic auditing is not the same as financial audit, both in terms of objective and procedure, leaving no scope for overlap. A financial audit is aimed at mere examination of the entity’s financial statement, and adds credibility to the reported financial position and performance of a business. For example, sometimes, lenders and suppliers ask for an audited financial statement before they are willing to carry forward with the end of the deal. However, the object of a forensic audit is much beyond that. Forensic audit/accounting is a specialised branch of accounting that requires a specialized skill set for fraud detection. A forensic auditor examines a company’s system of internal controls to identify any weaknesses in the controls designed to safeguard assets and to determine whether anyone in the company has exploited control weaknesses to misappropriate assets for personal gain, including corruption, bribery, extortion, embezzlement, misappropriation, etc. It adds a legal substance to the auditing procedure. Thus, where a financial audit is done, and there is a suspect-asset-fraud, a forensic audit is done to identify that.
Characteristics Of A Good Forensic Audit Report
1. Objective / unbiased: The report should be neutral and non- judgemental.
2. Clear: The content of the report must be clearly understood.
3. Thorough: Includes all information needed to reach a conclusion.
4. Accurate: The content reflects facts as gathered.
5. Professional: Report must be professionally written and presented.
6. Timeliness: Issued within the expected timeframe.
The investigation process follows a similar path as a regular audit of financial statements. The steps can include planning, review and a report. If the investigation was undertaken to discover the presence of fraud, evidence is presented to uncover or disprove the fraud and determine the amount of the damages suffered. The findings are presented to the client — and possibly the court should the case go that far.
During the planning stage, the forensic auditing team establishes objectives, such as identifying if fraud has been committed, how long it has been going on, the parties involved, quantifying the financial loss and providing fraud prevention measures. While gathering evidence, the team collects evidence in the proper manner in order for it to be used in a court case. There are various techniques used to gather evidence. A report is produced for the client with the findings. Lastly, those involved in the forensic audit may be asked to present their findings to the court.
What Are The Things That Are Investigated In a Forensic Audit?
Corruption - Corruption is a major obstacle at corporate levels, and also to socio-economic development. It has far-reaching consequences, even total closure of the company. It can have ill-effects on the image of the business/company and jeopardize it drastically. It includes any illegitimate use of the office and its resources, or dishonest behaviour. In such instances, a forensic auditor tries to look for accounts of bribery and extortion, or anything that will amount to a conflict of interest.
Bribery – It refers to dishonestly influencing one’s role/ position to receive something, and at the same time promising something favourable to the party proving such benefit. The problem with bribery arises due to the fact, that not always does on stand in such a position to offer anything. It hampers the interest and profits of the company when one acts beyond his authority. It is also illegal to do so.
Extortion – Taking a step ahead from bribery, extortion involves the use of threat, force or violence to extract money from another party/person. This may be done on the pretence of ‘protection money’ for small businesses, sophisticated schemes of cyber extortion, etc. the identification of extortion in company finances reduces its credibility in the eyes of its clients, suppliers, etc. which is the primary reason for having a solid financial statement.
Conflict of interest – On a related note, anything, including bribery, that is done with the intention to gain personal benefit, and which is detrimental to the company, forms the objective of a forensic audit.
Asset Misappropriation - This is the most common form of fraud that is prevalent in company finances. This included misappropriation of cash, raising fake invoices, payments made to non-existing suppliers or employees, misuse of assets or theft of Inventory. It happens when people who are entrusted to manage the assets of a company/organisation, steal from it. The biggest possible detriment of such an act is that it may lead to infiltration by other organisations to take control over the control of the victim organisation. The direct hit is on the cash flow of the organisation.
Financial Statement Fraud - Financial statement fraud is the deliberate misrepresentation, misstatement or omission of financial statement data for the purpose of misleading the reader and creating a false impression of an organization’s financial strength. The most common practice here is deferring revenues or expense in a different time period to give the appearance of consistent earnings or growth. Towards the other extreme, it includes overstating of revenues. It diminishes the confidence of capital markets and market participants in the reliability of financial information and decreases the effectivity of the capital market.
Most of the times, corruption and fraud in a company can be regulated and eradicated, without having to go for a forensic audit, and taking drastic legal steps thereafter. The easiest way to ensure this is to implement Anti-Money Laundering (AML) courses among employees, and also harbour an honest work environment. It is pertinent that there exists expressed reliability and accountability mechanisms to help foster such work environment, along with an environment of control. Such techniques reduce the probability of corruption in a company and its ill-effects. Prevention can be considered even at the time of recruitment by way of thorough background checks and vetting processes.
What Is The Regulatory Stance On Forensic Audit?
Reserve Bank of India
The Reserve Bank of India has made forensic audits mandatory for large advances and restructuring of accounts. In light of this, the RBI recently came up with the concept of creating a ‘forensic audit pool.’ It was reported that it wants banks to create a common pool of forensic audit firms so that they can pick one of them quickly whenever a high-value fraud needs to be investigated. The aim was to ensure that there wasn’t any wastage of time in the garb of evaluating the eligibility criteria of auditing firms. It was seen that such a step could pave way for Banks to investigate instances of high-value frauds is that banks can quickly take appropriate action, including fixing staff accountability, lodge complaints with law enforcement agencies, and invoke penal measures, such as debarring fraudulent borrowers from availing bank finance or raising funds from capital markets, explained the official.
Also, by mandating forensic audits, the RBI operationalised a Central Fraud Registry (CFR), a web-based searchable database of frauds containing data for the last 13 years, in January 2016. This was aimed at timely identification and mitigation of frauds and also serve as a potent tool for banks in making informed business decisions. Determined to ‘clean up’ the Indian banking system, the RBI also directed a self-conducted forensic audit for 10 defaulters, on top of the audits done by the Banks, ‘to know whether lenders followed established practices and processes while sanctioning those loans.’
The ED is a law enforcement agency and economic intelligence agency responsible for enforcing economic laws and fighting economic crime in India. It is part of the Department of Revenue, Ministry of Finance. It comprises officers of the Indian Revenue Service, Indian Police Service and the Indian Administrative Service. The ED along with the Serious Fraud Investigation Office has increasingly depicted the need for and importance of forensic audits following the rise in money laundering and wilful default cases that are plaguing the banking system. The recent probe into the Mallya PMLA case by the ED to conduct forensic audits is a stunning example in this regard. This was declared in May, 2016 when the ED declared the possibility of conducting a forensic audit of the electronic platforms on which the accounts and transactions of the group companies of liquor baron Vijay Mallya were being conducted in order to take forward its money laundering probe against him in the alleged Rs 900-crore IDBI bank loan fraud case.
In another recent case, the ED seized mutual funds valued at Rs 10.35 crore under the FEMA law of a company “controlled” by businessman and former IPL Chairman Chirayu Amin in the Panama Papers Case.
Are All Chartered Accountants Equipped To Do A Forensic Audit?
Forensic audit is a specialized field within accountancy. Chartered accountants need special skills to take up forensic audit assignments. There are special courses available with modules covering fraud psychology, criminal laws and forensic tools. Forensic audit uses financial and qualitative tools to detect fraud patterns. It uses special software for financial analysis. The auditors often provide expert testimony during trial proceedings. Most large accounting firms have a forensic auditing department.
How Can Forensic Audits Prevent Generation Of Non-Performing Assets In Banks?
Such audits unearth discrepancies in financial statements. For example, in a recent case, forensic auditors found that a company with huge cash reserves had surprisingly applied for loans. Later, the company was labeled as a willful defaulter.
How Is Forensic Auditing Investigation Conducted?
Step 1 – Accepting the Investigation
A forensic audit is always assigned to an independent firm/group of investigators in order to conduct an unbiased and truthful audit and investigation. Thus, when such a firm receives an invitation to conduct an audit, their first step is to determine whether or not they have the necessary tools, skills and expertise to go forward with such an investigation. They need to do an assessment of their own training and knowledge of fraud detection and legal framework. Only when they are satisfied with such considerations, can they go ahead and accept the investigation.
Step 2 – Planning the Investigation
Planning the investigation is the key step in a forensic audit. The auditor(s) must carefully ascertain the goal of the audit so being conducted, and to carefully determine the procedure to achieve it, through the use of effective tools and techniques. Before planning the investigation, they should be clear on the final categories of the report, which are as follows,
· Identifying the type of fraud that has been operating, how long it has been operating for, and how the fraud has been concealed
· Identifying the fraudster(s) involved
· Quantifying the financial loss suffered by the client
· Gathering evidence to be used in court proceedings
· Providing advice to prevent the recurrence of the fraud.
Fraud Triangle and Fraud Risk : A fraud triangle is a tool used in forensic auditing that explains three interrelated elements that assist the commission of fraud- Pressure (motive), opportunity (ability to carry out the fraud) and rationalization (justification of dishonest intentions). Fraud risk is the vulnerability a company/organisation has to those who are capable of overcoming the three elements in the fraud triangle. Fraud risk assessment is the identification of fraud risks that exist in the company/organisation. The planning involves the formulation of techniques and procedures that align with the fraud risk and fraud risk management.
Planning also includes the identification of the best way/mode to gather evidence. Thus, it is necessary that ample research is done regarding certain investigative, analytical, and technology-based techniques, and also related legal process, with regard to the outcome of such investigation.
Step 3 – Gathering Evidence
In forensic auditing specific procedures are carried out in order to produce evidence. Audit techniques and procedures are used to identify and to gather evidence to prove, for example, how long have fraudulent activities existed and carried out in the organization, and how it was conducted and concealed by the perpetrators. In order to continue, it is pertinent that the planning stage has been thoroughly understood by the investigating team, who are skilled in collecting the necessary evidence.
The investigators can use the following techniques to gather evidence,
· Testing controls to gather evidence which identifies the weaknesses, which allowed the fraud to be perpetrated
· Using analytical procedures to compare trends over time or to provide comparatives between different segments of the business
· Applying computer-assisted audit techniques, for example, to identify the timing and location of relevant details being altered in the computer system
· Discussions and interviews with employees
· Substantive techniques such as reconciliations, cash counts and reviews of documentation.
Forensic Data Analysis (FDA): FDA is the technology used to conduct fraud investigations; the process by which evidence is gathered, summarized and compared with existing different sets of data. The aim here is to detect any anomalies in the data and identify the pattern of such anomalies to indicate fraudulent activity. Such an analysis requires three kinds of expertise,
· Data analyst to perform the technical steps and write the queries
·Team member with extensive experience of the processes and internal controls in the relevant area of the investigated company
· A forensic scientist who is familiar with patterns of fraudulent behaviour
Step 4 – Reporting – A report is required so that it can be presented to client about the fraud. The report would have the findings of the investigation done, evidence so collected in summarised form, loopholes that caused the fraud and how internal controls can be improved to prevent such frauds in future. The report needs to be presented to client so that they can proceed to file a legal case against fraudster.
Step 5 – Court Proceedings – Investigations done by auditor would obviously lead to legal proceedings against suspected fraudster. The team that carried out the Forensic auditor need to be presented during the court proceedings as they would be required to explain the evidence collected and how suspect was identified. They are required to simplify the complex accounting issues and explain in layman language so that people who have no understanding about the accounting terms can also understand the fraud that was carried on by the suspect.
To summarize, a forensic audit is a detailed engagement which requires expertise of not only accounting and auditing procedures but also expert knowledge and experience about the legal framework. A Forensic auditor is required to have understanding of various frauds that can be carried out and also how the evidence needs to be collected. Having a understanding of legal framework and ability to face the court and the stress put in by defense counsel is also required.
Auditing for Quality Control
While many associated auditing with finding flaws, it can be just as important to strengthen a company’s already good business practices. Many companies self-audit on a regular basis to make sure that production and workflows are running smoothly without waste. By presenting regular audits of sound financial practices, a company improves its standing for shareholders, clients and customers, and the report generated by the audit gives executives a better sense for the internal finances of the business.
Of course, this can lead to a downside if the auditing company itself is committing fraud or if it is in collusion with the company or its managers to falsify reports. In this case, a forensic audit may be requested by a judge or an outside company to either determine the lost income as a result of a fraudulent report or to determine the damage that falsified reports caused to shareholders, clients or employees.
How Are Forensic Audits Used in Court?
Forensic audits are presented as evidence by a prosecutor or by a lawyer representing an interested party. Because finance is a complex discipline, the jargon used by forensic auditors to describe a company’s financial position is often highly precise. This either requires a prosecutor or lawyer to call upon expert witnesses to explain the significance of the audit in layman’s terms or to have the auditor do so himself or herself in order to build a case.
Scope of Forensic Accounting in India:
1. RBI Red Flagged Accounts needs forensic, in coming period RBI may make it compulsory for advances above certain threshold.
2. Serious Fraud Investigation Office established under the Companies Act, 2013 could also provide investigation assignments for Forensic Accountants.
3. Economic Offences Wings also require help of experienced Chartered Accountants in Forensics.
4.There are many internal frauds happening in Corporates nowadays.
5. Forensic services are also required during the course of Due Diligence in case of Mergers & Acquisitions.
6. Cyber Forensics is one of the growing field.
7. Forensic Accounting and Auditing has a huge scope in India as per the current market scenario.
With regards to qualification one may do the Certificate Course on Forensic Accounting and Fraud Prevention (FAFP) offered by ICAI after clearing your CA Exams. One may also pursue Diploma in Systems Audit (DISA) which may be helpful. Certified Fraud Examiner (CFE) is also a worthy credential for a Forensic Accountant. It requires Bachelor’s in any field with 2 years fraud related experience.
Like all other types of audit and investigation assignments forensic audit in banks too have its own gambit of hindrances and challenges which a forensic auditor experiences during the course of the assignment. The list of challenges are not exhaustive (may be an indicative one) since it varies with the clients as well as with the nature of assignment along with the perspective of the person conducting the forensic job. Details of such challenges are widely available both in hard and in soft form which may be read by the interested readers.
The above subject might look like a bit confusing for those who are new to this field. But for experienced and veterans this is a very well known phenomenon which is the very basic requirement of a forensic auditor. “Learn-Unlearn-Relearn” in simple terms may be defined as “changing your outlook from the normal audit and investigation and think something out of the box”. To me this is the most important challenge of the forensic auditor. Being professionals we are mainly focused with the standards issued by the various authorities and legal requirements along with the effect on the financials. But for the forensic auditors, the basic thing which comes first to his mind is the authenticity of the facts and records produced or gathered by him during the course of the assignment.
For professionals like us who have in the field of audit and allied services, gathered knowledge with the passage of time to serve the profession, this is the first part i.e. “learn”. In order to cope up with the areas of forensic audit, we need to change our basic line of thinking and have to change ourselves to look into things from a different angle, i.e.”Unlearn”. In order to complete the job effectively, we need to learn the techniques of forensic audit to deliver results successfully to our clients which can be used as an evidence in the Court of law successfully, this is “Relearn”.
Because forensic auditors must often follow long and winding paths through the financial records they peruse, they may find that pools of money travel through various departments, companies and entities. Following these trails requires interviewing many types of people, ranging from other accountants to managers to CEOs. A big challenge, therefore, is knowing whom to interview and how to conduct an interview that helps the auditor solve the case, reveal fraud or recover money.
Unlike general auditors, who may work in relative solitude their whole careers, forensic auditors may be called to the witness stand in Court cases. This presents a huge challenge to aspiring forensic auditors who might be called upon to give and defend testimony. Many people are simply uncomfortable expressing their stories before a Courtroom or when they are crossed-examined by an intimidating attorney.
Forensic auditors should be able to simplify and communicate information, and not just as it relates to Court cases. They need to be able to translate abstract numbers into written or oral reports that non-accountants can understand. Forensic auditors also need a certain amount of investigative intuition that may not be easy to learn within a very short period of time.
Content of Forensic Audit Report:
1. Covering letter : Usages Restriction clause can be mentioned here according to the situation demands and to avoid further legal complications.
2. Main Report
a) Introduction / Background : Brief fact of cases, name of both parties, business or work.
Why Forensic Audit required.
b) Outlining the Terms of Reference of Appointment Letter - Redraft the Terms of Reference if the Scope of work has been enlarged / reduced in the course of Investigation
c) Methodology of Reporting / Reporting Pattern:
· Areas Covered – Extent of checking : Bone of discontent :
· Period covered. Depends …not fixed….
· Specific functions areas covered
· % Of total records checked
· Bedford's Law
· RSF (Relative Size Factor) = largest / 2nd largest
· Use of software : ACL /Idea/ encase
· Disk Imaging
d) Auditing Techniques Adopted in the Investigation: Carefully narrate this area – do no elaborate much. If forensic auditing techniques had not been adopted then mention it also.
This will be an example of the Liability Exclusion Clause. Mention apart from general audit techniques, what other specific audit techniques had been adopted.
Mention the positions with whom you have carried out the discussions and other interviewing.
If any interrogation had been carried out the mention it in suitable context. Mention the Confession documents if any. Also mention that it is no way limiting your scope of work and extent of checking.
Public and authentic data Source: -
2.Income Tax papers
3.Registrar office documents
5.Expert Advice : Clinic Report : age of documents / Hand Writing
e) Books and records / documents reviewed / examined:
Basis of reporting. Narrate with reference to manual and computerized records.
External documents / evidences , if any :
3rd Party: Bank statements etc
f) Detailed Observations in each area of work under following heads:
I ) Modus Operandi of Fraud : Common Term
II) Nature of Fraud
III) Quantum Involved
g) Responsibility Fixation :Direct Beneficiary and Indirect Beneficiary Try to highlight the persons who have the direct and indirect involvement in the scheme of manipulation / fraud. Carefully draft this area.
h) Determination of Total Quantum of Fraud and The Amount/ Further Amount to be recovered from the Perpetrator.
Summation of quantum of fraud for each area. Deduct the amount already recovered from the total quantum of fraud. Forensic Auditor need not suggest the Management to initiate criminal proceeding / sack / transfer of the persons involved in fraud. This is the duty of the appointing authority.
Note: Information placed here in above is only for general perception. This may not reflect the latest status on law and may have changed in recent time. Please seek our professional opinion before applying the provision. Thanks.