FORENSIC
AUDIT
What
Is a 'Forensic Audit'?
A forensic audit is an
examination and evaluation of a company's financial information or a firm's or
individual's financial information for use as evidence in court. A forensic
audit can be conducted in order to prosecute a party for fraud, embezzlement or
other financial claims. In addition, an audit may be conducted to determine
negligence or even to determine how much spousal or child support an individual
will have to pay.
Breaking
Down 'Forensic Audit'
Forensic auditing is a
specialization within the field of accounting, and forensic auditors often
provide expert testimony during trial proceedings. Most large accounting firms
have a forensic auditing department.
The audit covers a wide
range of investigative activities performed by accountants. The process may
also include serving as an expert witness in a fraud trial. A forensic audit
could also cover situations that do not involve fraud or embezzlement, such as
disputes related to a bankruptcy, business closures, and divorces.
What
Is The Difference Between a Financial Audit And Forensic Audit?
Engaging an audit is an
important strategy to run a business, and all business-owners should know to
identify the times when an audit is needed. However, forensic auditing is not
the same as financial audit, both in terms of objective and procedure, leaving
no scope for overlap. A financial audit is aimed at mere examination of the
entity’s financial statement, and adds credibility to the reported financial
position and performance of a business. For example, sometimes, lenders and
suppliers ask for an audited financial statement before they are willing to
carry forward with the end of the deal. However, the object of a forensic audit
is much beyond that. Forensic audit/accounting is a specialised branch of
accounting that requires a specialized skill set for fraud detection. A
forensic auditor examines a company’s system of internal controls to identify
any weaknesses in the controls designed to safeguard assets and to determine
whether anyone in the company has exploited control weaknesses to misappropriate
assets for personal gain, including corruption, bribery, extortion,
embezzlement, misappropriation, etc. It adds a legal substance to the auditing
procedure. Thus, where a financial audit is done, and there is a
suspect-asset-fraud, a forensic audit is done to identify that.
Characteristics
Of A Good Forensic Audit Report
1. Objective / unbiased:
The report should be neutral and non- judgemental.
2. Clear: The content
of the report must be clearly understood.
3. Thorough: Includes
all information needed to reach a conclusion.
4. Accurate: The
content reflects facts as gathered.
5. Professional: Report
must be professionally written and presented.
6. Timeliness: Issued
within the expected timeframe.
The
Process
The investigation
process follows a similar path as a regular audit of financial statements. The
steps can include planning, review and a report. If the investigation was
undertaken to discover the presence of fraud, evidence is presented to uncover
or disprove the fraud and determine the amount of the damages suffered. The
findings are presented to the client — and possibly the court should the case
go that far.
During the planning
stage, the forensic auditing team establishes objectives, such as identifying
if fraud has been committed, how long it has been going on, the parties
involved, quantifying the financial loss and providing fraud prevention
measures. While gathering evidence, the team collects evidence in the proper
manner in order for it to be used in a court case. There are various techniques
used to gather evidence. A report is produced for the client with the findings.
Lastly, those involved in the forensic audit may be asked to present their
findings to the court.
What
Are The Things That Are Investigated In a Forensic Audit?
Corruption
- Corruption
is a major obstacle at corporate levels, and also to socio-economic
development. It has far-reaching consequences, even total closure of the
company. It can have ill-effects on the image of the business/company and
jeopardize it drastically. It includes any illegitimate use of the office and
its resources, or dishonest behaviour. In such instances, a forensic auditor
tries to look for accounts of bribery and extortion, or anything that will
amount to a conflict of interest.
Bribery
-
It refers to dishonestly influencing one’s role/ position to receive something,
and at the same time promising something favourable to the party proving such
benefit. The problem with bribery arises due to the fact, that not always does
on stand in such a position to offer anything. It hampers the interest and
profits of the company when one acts beyond his authority. It is also illegal
to do so.
Extortion
–
Taking a step ahead from bribery, extortion involves the use of threat, force
or violence to extract money from another party/person. This may be done on the
pretence of ‘protection money’ for small businesses, sophisticated schemes of
cyber extortion, etc. the identification of extortion in company finances
reduces its credibility in the eyes of its clients, suppliers, etc. which is
the primary reason for having a solid financial statement.
Conflict
of interest – On a related note, anything, including
bribery, that is done with the intention to gain personal benefit, and which is
detrimental to the company, forms the objective of a forensic audit.
Asset
Misappropriation - This is the most common form of fraud
that is prevalent in company finances. This included misappropriation of cash,
raising fake invoices, payments made to non-existing suppliers or employees,
misuse of assets or theft of Inventory. It happens when people who are
entrusted to manage the assets of a company/organisation, steal from it. The
biggest possible detriment of such an act is that it may lead to infiltration
by other organisations to take control over the control of the victim
organisation. The direct hit is on the cash flow of the organisation.
Financial
Statement Fraud - Financial statement fraud is the
deliberate misrepresentation, misstatement or omission of financial statement
data for the purpose of misleading the reader and creating a false impression
of an organization’s financial strength. The most common practice here is
deferring revenues or expense in a different time period to give the appearance
of consistent earnings or growth. Towards the other extreme, it includes
overstating of revenues. It diminishes the confidence of capital markets and
market participants in the reliability of financial information and decreases
the effectivity of the capital market.
Most of the times,
corruption and fraud in a company can be regulated and eradicated, without
having to go for a forensic audit, and taking drastic legal steps thereafter.
The easiest way to ensure this is to implement Anti-Money Laundering (AML)
courses among employees, and also harbour an honest work environment. It is
pertinent that there exists expressed reliability and accountability mechanisms
to help foster such work environment, along with an environment of control.
Such techniques reduce the probability of corruption in a company and its
ill-effects. Prevention can be considered even at the time of recruitment by
way of thorough background checks and vetting processes.
What
Is The Regulatory Stance On Forensic Audit?
Reserve
Bank of India
The Reserve Bank of
India has made forensic audits mandatory for large advances and restructuring
of accounts. In light of this, the RBI recently came up with the concept of
creating a ‘forensic audit pool.’ It was reported that it wants banks to create
a common pool of forensic audit firms so that they can pick one of them quickly
whenever a high-value fraud needs to be investigated. The aim was to ensure
that there wasn’t any wastage of time in the garb of evaluating the eligibility
criteria of auditing firms. It was seen that such a step could pave way for
Banks to investigate instances of high-value frauds is that banks can quickly
take appropriate action, including fixing staff accountability, lodge
complaints with law enforcement agencies, and invoke penal measures, such as
debarring fraudulent borrowers from availing bank finance or raising funds from
capital markets, explained the official.
Also, by mandating
forensic audits, the RBI operationalised a Central Fraud Registry (CFR), a
web-based searchable database of frauds containing data for the last 13 years,
in January 2016. This was aimed at timely identification and mitigation of
frauds and also serve as a potent tool for banks in making informed business
decisions. Determined to ‘clean up’ the Indian banking system, the RBI also
directed a self-conducted forensic audit for 10 defaulters, on top of the
audits done by the Banks, ‘to know whether lenders followed established
practices and processes while sanctioning those loans.’
Enforcement
Directorate
The ED is a law
enforcement agency and economic intelligence agency responsible for enforcing
economic laws and fighting economic crime in India. It is part of the
Department of Revenue, Ministry of Finance. It comprises officers of the Indian
Revenue Service, Indian Police Service and the Indian Administrative Service.
The ED along with the Serious Fraud Investigation Office has increasingly
depicted the need for and importance of forensic audits following the rise in
money laundering and wilful default cases that are plaguing the banking system.
The recent probe into the Mallya PMLA case by the ED to conduct forensic audits
is a stunning example in this regard. This was declared in May, 2016 when the
ED declared the possibility of conducting a forensic audit of the electronic
platforms on which the accounts and transactions of the group companies of
liquor baron Vijay Mallya were being conducted in order to take forward its
money laundering probe against him in the alleged Rs 900-crore IDBI bank loan
fraud case.
In another recent case,
the ED seized mutual funds valued at Rs 10.35 crore under the FEMA law of a
company “controlled” by businessman and former IPL Chairman Chirayu Amin in the
Panama Papers Case.
Are
All Chartered Accountants Equipped To Do A Forensic Audit?
Forensic audit is a
specialized field within accountancy. Chartered accountants need special skills
to take up forensic audit assignments. There are special courses available with
modules covering fraud psychology, criminal laws and forensic tools. Forensic
audit uses financial and qualitative tools to detect fraud patterns. It uses
special software for financial analysis. The auditors often provide expert
testimony during trial proceedings. Most large accounting firms have a forensic
auditing department.
How
Can Forensic Audits Prevent Generation Of Non-Performing Assets In Banks?
Such audits unearth
discrepancies in financial statements. For example, in a recent case, forensic
auditors found that a company with huge cash reserves had surprisingly applied
for loans. Later, the company was labeled as a willful defaulter.
How
Is Forensic Auditing Investigation Conducted?
Step 1 - Accepting the
Investigation
A forensic audit is
always assigned to an independent firm/group of investigators in order to
conduct an unbiased and truthful audit and investigation. Thus, when such a
firm receives an invitation to conduct an audit, their first step is to
determine whether or not they have the necessary tools, skills and expertise to
go forward with such an investigation. They need to do an assessment of their
own training and knowledge of fraud detection and legal framework. Only when
they are satisfied with such considerations, can they go ahead and accept the
investigation.
Step 2 - Planning the
Investigation
· Identifying the type of fraud that has
been operating, how long it has been operating for, and how the fraud has been
concealed
· Identifying the fraudster(s) involved
· Quantifying the financial loss suffered
by the client
· Gathering evidence to be used in court
proceedings
· Providing advice to prevent the
recurrence of the fraud.
Fraud Triangle and
Fraud Risk : A fraud triangle is a tool used in forensic auditing that explains
three interrelated elements that assist the commission of fraud- Pressure
(motive), opportunity (ability to carry out the fraud) and rationalization
(justification of dishonest intentions). Fraud risk is the vulnerability a
company/organisation has to those who are capable of overcoming the three elements
in the fraud triangle. Fraud risk assessment is the identification of fraud
risks that exist in the company/organisation. The planning involves the
formulation of techniques and procedures that align with the fraud risk and
fraud risk management.
Planning also includes
the identification of the best way/mode to gather evidence. Thus, it is
necessary that ample research is done regarding certain investigative,
analytical, and technology-based techniques, and also related legal process,
with regard to the outcome of such investigation.
Step 3 - Gathering
Evidence
In forensic auditing
specific procedures are carried out in order to produce evidence. Audit
techniques and procedures are used to identify and to gather evidence to prove,
for example, how long have fraudulent activities existed and carried out in the
organization, and how it was conducted and concealed by the perpetrators. In
order to continue, it is pertinent that the planning stage has been thoroughly
understood by the investigating team, who are skilled in collecting the
necessary evidence.
The investigators can
use the following techniques to gather evidence,
· Testing controls to gather evidence
which identifies the weaknesses, which allowed the fraud to be perpetrated
· Using analytical procedures to compare
trends over time or to provide comparatives between different segments of the
business
· Applying computer-assisted audit
techniques, for example, to identify the timing and location of relevant
details being altered in the computer system
· Discussions and interviews with
employees
· Substantive techniques such as
reconciliations, cash counts and reviews of documentation.
Forensic Data Analysis
(FDA): FDA is the technology used to conduct fraud investigations; the process
by which evidence is gathered, summarized and compared with existing different
sets of data. The aim here is to detect any anomalies in the data and identify
the pattern of such anomalies to indicate fraudulent activity. Such an analysis
requires three kinds of expertise,
· Data analyst to perform the technical
steps and write the queries
·Team member with extensive experience of
the processes and internal controls in the relevant area of the investigated
company
· A forensic scientist who is familiar
with patterns of fraudulent behaviour
Step 4 – Reporting
A report is required so that it can be presented to client about the fraud. The report would have the findings of the investigation done, evidence so collected in summarised form, loopholes that caused the fraud and how internal controls can be improved to prevent such frauds in future. The report needs to be presented to client so that they can proceed to file a legal case against fraudster.
A report is required so that it can be presented to client about the fraud. The report would have the findings of the investigation done, evidence so collected in summarised form, loopholes that caused the fraud and how internal controls can be improved to prevent such frauds in future. The report needs to be presented to client so that they can proceed to file a legal case against fraudster.
Step 5 - Court
Proceedings
Investigations done by auditor would obviously lead to legal proceedings against suspected fraudster. The team that carried out the Forensic auditor need to be presented during the court proceedings as they would be required to explain the evidence collected and how suspect was identified. They are required to simplify the complex accounting issues and explain in layman language so that people who have no understanding about the accounting terms can also understand the fraud that was carried on by the suspect.
Investigations done by auditor would obviously lead to legal proceedings against suspected fraudster. The team that carried out the Forensic auditor need to be presented during the court proceedings as they would be required to explain the evidence collected and how suspect was identified. They are required to simplify the complex accounting issues and explain in layman language so that people who have no understanding about the accounting terms can also understand the fraud that was carried on by the suspect.
To summarize, a
forensic audit is a detailed engagement which requires expertise of not only
accounting and auditing procedures but also expert knowledge and experience
about the legal framework. A Forensic auditor is required to have understanding
of various frauds that can be carried out and also how the evidence needs to be
collected. Having a understanding of legal framework and ability to face the
court and the stress put in by defense counsel is also required.
Auditing
for Quality Control
While many associated
auditing with finding flaws, it can be just as important to strengthen a
company’s already good business practices. Many companies self-audit on a
regular basis to make sure that production and workflows are running smoothly
without waste. By presenting regular audits of sound financial practices, a
company improves its standing for shareholders, clients and customers, and the
report generated by the audit gives executives a better sense for the internal
finances of the business.
Of course, this can
lead to a downside if the auditing company itself is committing fraud or if it
is in collusion with the company or its managers to falsify reports. In this
case, a forensic audit may be requested by a judge or an outside company to
either determine the lost income as a result of a fraudulent report or to
determine the damage that falsified reports caused to shareholders, clients or
employees.
How
Are Forensic Audits Used in Court?
Forensic audits are
presented as evidence by a prosecutor or by a lawyer representing an interested
party. Because finance is a complex discipline, the jargon used by forensic
auditors to describe a company’s financial position is often highly precise.
This either requires a prosecutor or lawyer to call upon expert witnesses to
explain the significance of the audit in layman’s terms or to have the auditor
do so himself or herself in order to build a case.
Scope
of Forensic Accounting in India:
1. RBI Red Flagged Accounts needs forensic,
in coming period RBI may make it compulsory for advances above certain
threshold.
2. Serious Fraud Investigation Office
established under the Companies Act, 2013 could also provide investigation
assignments for Forensic Accountants.
3. Economic Offences Wings also require
help of experienced Chartered Accountants in Forensics.
4.There are many internal frauds happening
in Corporates nowadays.
5. Forensic services are also required
during the course of Due Diligence in case of Mergers & Acquisitions.
6. Cyber Forensics is one of the growing
field.
7. Forensic Accounting and Auditing has a
huge scope in India as per the current market scenario.
With regards to
qualification one may do the Certificate Course on Forensic Accounting and
Fraud Prevention (FAFP) offered by ICAI after clearing your CA Exams. One may
also pursue Diploma in Systems Audit (DISA) which may be helpful. Certified
Fraud Examiner (CFE) is also a worthy credential for a Forensic Accountant. It
requires Bachelor’s in any field with 2 years fraud related experience.
Challenges
Like all other types of
audit and investigation assignments forensic audit in banks too have its own
gambit of hindrances and challenges which a forensic auditor experiences during
the course of the assignment. The list of challenges are not exhaustive (may be
an indicative one) since it varies with the clients as well as with the nature
of assignment along with the perspective of the person conducting the forensic
job. Details of such challenges are widely available both in hard and in soft
form which may be read by the interested readers.
Learn-Unlearn-Relearn
The above subject might
look like a bit confusing for those who are new to this field. But for experienced
and veterans this is a very well known phenomenon which is the very basic requirement
of a forensic auditor. “Learn-Unlearn-Relearn” in simple terms may be defined
as “changing your outlook from the normal audit and investigation and think
something out of the box”. To me this is the most important challenge of the
forensic auditor. Being professionals we are mainly focused with the standards
issued by the various authorities and legal requirements along with the effect
on the financials. But for the forensic auditors, the basic thing which comes
first to his mind is the authenticity of the facts and records produced or
gathered by him during the course of the assignment.
For professionals like
us who have in the field of audit and allied services, gathered knowledge with
the passage of time to serve the profession, this is the first part i.e.
“learn”. In order to cope up with the areas of forensic audit, we need to
change our basic line of thinking and have to change ourselves to look into
things from a different angle, i.e.”Unlearn”. In order to complete the job
effectively, we need to learn the techniques of forensic audit to deliver
results successfully to our clients which can be used as an evidence in the
Court of law successfully, this is “Relearn”.
Interviewing
Because forensic
auditors must often follow long and winding paths through the financial records
they peruse, they may find that pools of money travel through various
departments, companies and entities. Following these trails requires
interviewing many types of people, ranging from other accountants to managers
to CEOs. A big challenge, therefore, is knowing whom to interview and how to
conduct an interview that helps the auditor solve the case, reveal fraud or
recover money.
Court
Presence
Unlike general
auditors, who may work in relative solitude their whole careers, forensic auditors
may be called to the witness stand in Court cases. This presents a huge challenge
to aspiring forensic auditors who might be called upon to give and defend
testimony. Many people are simply uncomfortable expressing their stories before
a Courtroom or when they are crossed-examined by an intimidating attorney.
Specialised
Skills
Forensic auditors
should be able to simplify and communicate information, and not just as it relates
to Court cases. They need to be able to translate abstract numbers into written
or oral reports that non-accountants can understand. Forensic auditors also
need a certain amount of investigative intuition that may not be easy to learn
within a very short period of time.
Content
of Forensic Audit Report:
1. Covering letter :
Usages Restriction clause can be mentioned here according to the situation
demands and to avoid further legal complications.
2. Main Report
a) Introduction /
Background : Brief fact of cases, name of both parties, business or work.
Why Forensic Audit
required.
b) Outlining the Terms
of Reference of Appointment Letter - Redraft the Terms of Reference if the
Scope of work has been enlarged / reduced in the course of Investigation
c) Methodology of
Reporting / Reporting Pattern:
·
Areas Covered – Extent of checking :
Bone of discontent :
·
Period covered. Depends …not fixed….
·
Specific functions areas covered
·
% Of total records checked
·
Bedford's Law
·
RSF (Relative Size Factor) = largest /
2nd largest
·
Use of software : ACL /Idea/ encase
·
Disk Imaging
d) Auditing Techniques
Adopted in the Investigation: Carefully narrate this area – do no elaborate
much. If forensic auditing techniques had not been adopted then mention it
also.
This will be an example
of the Liability Exclusion Clause. Mention apart from general audit techniques,
what other specific audit techniques had been adopted.
Mention the positions
with whom you have carried out the discussions and other interviewing.
If any interrogation
had been carried out the mention it in suitable context. Mention the Confession
documents if any. Also mention that it is no way limiting your scope of work
and extent of checking.
Public and authentic
data Source: -
1.MCA
2.Income Tax papers
3.Registrar office
documents
4.Labortary report
5.Expert Advice :
Clinic Report : age of documents / Hand Writing
e) Books and records /
documents reviewed / examined:
Basis of reporting.
Narrate with reference to manual and computerized records.
External documents /
evidences , if any :
3rd Party: Bank
statements etc
f) Detailed
Observations in each area of work under following heads:
I ) Modus Operandi of
Fraud : Common Term
II) Nature of Fraud
III) Quantum Involved
g) Responsibility
Fixation :Direct Beneficiary and Indirect Beneficiary Try to highlight the
persons who have the direct and indirect involvement in the scheme of
manipulation / fraud. Carefully draft this area.
h) Determination of
Total Quantum of Fraud and The Amount/ Further Amount to be recovered from the
Perpetrator.
Summation of quantum of
fraud for each area. Deduct the amount already recovered from the total quantum
of fraud. Forensic Auditor need not suggest the Management to initiate criminal
proceeding / sack / transfer of the persons involved in fraud. This is the duty
of the appointing authority.
-------------------------------------------------------------------------------------------------