7/12/2013

1

THE IMPACT OF TECHNOLOGY ON STANDARDS AND DETECTING, PREVENTING AND INVESTIGATING FRAUD

JIM KAPLAN CIA CFEPRESIDENT AND FOUNDERAUDITNET®

A Changing Landscape for Professionals

1© AuditNet® 2013

Agenda

Introduction

Technology Then and Now

Standard Changes and Technology

Evolution of Professional Networking

Latest Technology Tools for Fraud Auditors

Trends and the Future of Audit Technology for Detecting and Investigating Fraud

2

© AuditNet® 2013

7/12/2013

2

Then and Now3

© AuditNet® 2013

Auditors and Technology

Early Adopters

Innovators (into the new from Latin

Interested in new methods & techniques

Risk takers

Forward thinking

Gen X & Y

Laggards

Wait and see

Cautious

Hangs back

Last group to try or adopt a new product

Dislike change

4

© AuditNet® 2013

7/12/2013

3

Standards Evolution5

1954 to the mid-1960s, the auditing profession was still auditing around the computer – Why?

1968, the American Institute of Certified Public Accountants (AICPA) had the Big Eight (now the Big Four) accounting firms participate in the development of EDP auditing.

December 1974 SAP 3 The Effects of EDP on the Auditor's Study and Evaluation of Internal Control

1977 Electronic Data Processing Auditors Association (EDPAA) published Control Objectives

July 1984 SAS 48 The Effects of Computer Processing on the Audit of Financial Statements

June 2001 SAS 94, The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit.

© AuditNet® 2013

Standards and Regulatory Evolution6

SEC, Final Rule: Management’s Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports

PCAOB Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed In Conjunction With an Audit of Financial Statements

SAS 99, Consideration of Fraud in a Financial Statement Audit SAS 99 Exhibit, Management Antifraud Programs and Controls Committee of Sponsoring Organizations of the Treadway

Commission, Internal Control—Integrated Framework United States Sentencing Commission, Guidelines Manual 2009 Internal Auditing and Fraud and GTAG 13: Fraud Prevention

and Detection in an Automated World

© AuditNet® 2013

7/12/2013

4

Computers, Auditors and CAATTs

The Evolution of CAATTs 80’s Around Through With EDP/IT Auditors Mainframe

Audit Software 90’s Data extraction and analysis IT and non IT Auditors Windows

The Millenium Software for all phases (planning, fieldwork, GRC) Cloud computing

7

© AuditNet® 2013

Impact of Technology

Computers and networks provide most of the information needed for auditing

Computer crime is increasing as fraudsters see value in information as well as financial assets

Auditors and fraud examiners must use the computer as an auditing tool

Auditors and fraud examiners must also use the computer for audit administration

8

© AuditNet® 2013

7/12/2013

5

Impact of Technology

What I did in my youth is hundreds of times easier today. Technology breeds crime

9

© AuditNet® 2013

Impact of New Technology on the Profession

Professional Standards for Certified Fraud Examiners

IIA Professional Standards Fraud and Technology

10

© AuditNet® 2013

7/12/2013

6

Certifications for Fraud Auditors11

Initials Description Organization

CITP Certified Information Technology Professional (CITP AICPA

CFE Certified Fraud Examiner ACFE

CFF Certified in Financial Forensics AICPA

CAMS Certified Anti-Money Laundering Specialist ACALS

CFFA Certified Forensic Financial Analyst (NACVA)

CIFI Certified Insurance Fraud Investigator IASIU

CBCO Certified Bank Compliance Officer BAI

CISA Certified Information Systems Auditor ISACA

CIA Certified Internal Auditors CIA

CPA Certified Public Accountant AICPA

© AuditNet® 2013

New Technologies and their Impact

Mobile computing

The Cloud or Internet based services SaaS (application based) PaaS (end to end SDLC) IaaS (servers, storage, network)

12

© AuditNet® 2013

7/12/2013

7

Social Media

Social Media Defined

The good the bad and the ugly

What is the primary risk?

13

© AuditNet® 2013

Technology as an Enabler

There is a wide array of specialized tools to support and enhance the entire spectrum of internal audit processes … for the most part (auditors) are not taking advantage of them

Not surprisingly, survey participants predict that

technology will affect internal audit roles and

responsibilities more than any other business

trend.PwC 2010 Study on the State of the internal audit profession

14

© AuditNet® 2013

7/12/2013

8

Audit Software15

© AuditNet® 2013

Categories of Audit Software Technology

AutomatedIssues

Tracking

ElectronicWork Papers

RiskAssessment

ContinuousControls

Monitoring

Anti FraudSoftware

GRC

Audit Management

Software

Audit Resource

Scheduling

DataAnalytics

16

© AuditNet® 2013

7/12/2013

9

Data Analysis for Auditors and CFE’s

Although internal auditors have been doing data analysis for more than 25 years, it has only recently started to become standard practice.

By our nature, most accountants and auditors are inclined to stick with what has worked in the past, rather than reach outside our comfort zone for an alternative that could help us accomplish more.

Do you reach outside your comfort zone?

17

© AuditNet® 2013

New Tools New Approach

Technology advances require a change in the approach for detecting and investigating fraud

Fraud risk analysis is now a required part of an auditors responsibilities

Proactive approach to detecting fraud

Identifying risks early using audit software to detect anomalies is no longer optional

Data analytic KSA’s now a basic facet of an auditor’s toolbox

18

© AuditNet® 2013

7/12/2013

10

Obstacles to Implementation

Failure to plan for use Lack of an FRA methodology Skill set gap - Department size Cost implication Complexity of the software Resistance in training auditors Failure of software to meet audit departments needs

19

© AuditNet® 2013

Heard on the Street

Technology Initiatives considered having the most impact (2012 AICPA Top Technology Issues)

1.Information security2.Remote access3.Control and use of mobile devices4.Business process improvement with technology5.Data retention policies and structure6.Privacy policies and compliance7.Staff and management training8.Spreadsheet management9.Overall data proliferation and control10.Portals (vendor and client/customer)

20

© AuditNet® 2013

7/12/2013

11

New Tools for Fraud Examiners21

© AuditNet® 2013

New Tools

Sept, 2008…. Any device, Any time, Any

where was born

Users not interested in security, they want to trust, not to be trusted

Any unprotected device connected to both the Internet & and company LAN poses a security risk

22

© AuditNet® 2013

7/12/2013

12

Impact of Technology on Detecting Fraud

Proactive Fraud Detection Computer-aided fraud detection skills

Data Extraction

Scripting

Analyzing Data

Automation

Data is the key to detecting fraud with technology

Benford’s Law analysis using technology

Continuous monitoring software suites

23

© AuditNet® 2013

Impact of Technology on Detecting Fraud

Digital Information Explosion (DIE) has created greater opportunities for fraud examiners and auditors. Asset recovery Anomalies in data through 100% analysis Examining digital information on mobile devices Using social media to profile fraudsters Social Network Analysis (SNA) Using data analytics to detect property and casualty

claims fraud

24

© AuditNet® 2013

7/12/2013

13

Audit Apps for iPhones/iPads25

© AuditNet® 2013

Imagine the Possibilities

Access your computer from remote locations Collaborate using tools from the road Access audit programs, work papers and more

from your mobile device Join Anti-Fraud Webinars and Webcasts for

training Conduct or participate in virtual meetings with

staff, clients etc.

26

© AuditNet® 2013

7/12/2013

14

Trends and their Impact

Mobile devices and wireless computing

Smart devices and malware

Cloud sourcing and computing – security, governance and compliance

Social media platform for communications

Continuous risk and control assessment

Reporting to the Board using SOTA technology

27

© AuditNet® 2013

Skill Set for Future Auditors

Multi-disciplinary less accountants more business oriented

Critical thinking skills

Strong communication skills

Audit Technology oriented

28

© AuditNet® 2013

7/12/2013

15

The Impact of Technology Observations

Not surprisingly, survey participants predict thattechnology will affect internal audit roles andresponsibilities more than any other businesstrend.High-performing internal audit functions maximizethe use of technology to enhance the efficiency,effectiveness, and quality of operations.

PwC 2012 Study on the State of the internal audit profession

29

© AuditNet® 2013

AuditNet® Survey - 2012 State of Technology Use by Auditors

Profile of Over 1,500 Responses• 45% 5 or less auditors• Technology tools used – mostly data analytics and

EWP • Technology tools least used – monitoring (continuous

audit and fraud), GRC, risk compliance• Only 17% feel that their auditors are technology

proficient• Technology training primarily OJT• 35% maintain an inventory of audit technology

tools• More than half (54%) rated their department at the

informal use level (ad hoc or none at all) for audit technology

• Less than 4% rated their department at the highest maturity level

30

© AuditNet® 2013

7/12/2013

16

AuditNet® 10 Point Action Plan for Integrating Technology in Audit

1. Conduct an inventory of audit technology tools2. Provide training for all staff in use of audit

technology3. Measure staff technology KSA4. Build a business case for audit technology5. Work with IT and Senior Management on cost6. Hire auditors with technology skills7. Find a technology champion and influencer8. Establish an audit technology assessment

benchmark and update annually9. Require the use of technology for all audit and

administrative tasks10. Develop a succession plan so that audit software

does not become shelfware

31

© AuditNet® 2013

Strategic Fraud Detection Approach

32

© AuditNet® 2013

Source: Strategic Fraud Detection: A Technology-Based ModelConan C. Albrecht W. Steve Albrecht

7/12/2013

17

Future Predictions

Standards will mandate use of technology tools for audit

New generation of auditors must have the KSA to utilize technology

If auditors and audit departments do not adapt to new technology they risk outsourcing

Social networking will evolve to professional networking

Tools will become more intuitive Knowledge hubs for audit tool, techniques and

resources will consolidate and merge

33

© AuditNet® 2013

Audit Programs and Guides

Auditor’s Guide to Cloud Computing - Security Considerations.xls

Cloud Matrix_Benefits & Risks.xls AuditNet® Guide to Social Networking AuditNet® Guide to Wireless Security Business Continuity Planning – A Diagnostic Tool Forensic Document Examination Data Analytics Enabled Audit Programs for Key Business

Processes AuditNet® is working to provide tools and resources to

keep pace with new technology!

34

© AuditNet® 2013

7/12/2013

18

Fraud Examiner Technology Resources

ACFE Seminars, Books and Training Introduction to Digital Forensics

Using Data Analytics to Detect Fraud

Investigating on the Internet

FraudResourceNet.com online training

Audit Software – ACL, IDEA, Excel, ActiveData, TopCAATs AuditNet® is working to provide tools and resources to

keep pace with new technology!

35

© AuditNet® 2013

Conclusion

I hope that I have provided you with some useful information that will stimulate your thought processes!

Any questions?

36

© AuditNet® 2013

7/12/2013

19

Contact Information

If you haven’t been to AuditNet recently please visit and see our new design and interface

Jim Kaplan CIA, CFE editor@auditnet.orghttp://www.auditnet.org

37

© AuditNet® 2013