acfe williamsburg 2013 jmk
DESCRIPTION
Presentation on the impact of technology on fraud detection and professional standardsTRANSCRIPT
7/12/2013
1
THE IMPACT OF TECHNOLOGY ON STANDARDS AND DETECTING, PREVENTING AND INVESTIGATING FRAUD
JIM KAPLAN CIA CFEPRESIDENT AND FOUNDERAUDITNET®
A Changing Landscape for Professionals
1© AuditNet® 2013
Agenda
Introduction
Technology Then and Now
Standard Changes and Technology
Evolution of Professional Networking
Latest Technology Tools for Fraud Auditors
Trends and the Future of Audit Technology for Detecting and Investigating Fraud
2
© AuditNet® 2013
7/12/2013
2
Then and Now3
© AuditNet® 2013
Auditors and Technology
Early Adopters
Innovators (into the new from Latin
Interested in new methods & techniques
Risk takers
Forward thinking
Gen X & Y
Laggards
Wait and see
Cautious
Hangs back
Last group to try or adopt a new product
Dislike change
4
© AuditNet® 2013
7/12/2013
3
Standards Evolution5
1954 to the mid-1960s, the auditing profession was still auditing around the computer – Why?
1968, the American Institute of Certified Public Accountants (AICPA) had the Big Eight (now the Big Four) accounting firms participate in the development of EDP auditing.
December 1974 SAP 3 The Effects of EDP on the Auditor's Study and Evaluation of Internal Control
1977 Electronic Data Processing Auditors Association (EDPAA) published Control Objectives
July 1984 SAS 48 The Effects of Computer Processing on the Audit of Financial Statements
June 2001 SAS 94, The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit.
© AuditNet® 2013
Standards and Regulatory Evolution6
SEC, Final Rule: Management’s Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports
PCAOB Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed In Conjunction With an Audit of Financial Statements
SAS 99, Consideration of Fraud in a Financial Statement Audit SAS 99 Exhibit, Management Antifraud Programs and Controls Committee of Sponsoring Organizations of the Treadway
Commission, Internal Control—Integrated Framework United States Sentencing Commission, Guidelines Manual 2009 Internal Auditing and Fraud and GTAG 13: Fraud Prevention
and Detection in an Automated World
© AuditNet® 2013
7/12/2013
4
Computers, Auditors and CAATTs
The Evolution of CAATTs 80’s Around Through With EDP/IT Auditors Mainframe
Audit Software 90’s Data extraction and analysis IT and non IT Auditors Windows
The Millenium Software for all phases (planning, fieldwork, GRC) Cloud computing
7
© AuditNet® 2013
Impact of Technology
Computers and networks provide most of the information needed for auditing
Computer crime is increasing as fraudsters see value in information as well as financial assets
Auditors and fraud examiners must use the computer as an auditing tool
Auditors and fraud examiners must also use the computer for audit administration
8
© AuditNet® 2013
7/12/2013
5
Impact of Technology
What I did in my youth is hundreds of times easier today. Technology breeds crime
9
© AuditNet® 2013
Impact of New Technology on the Profession
Professional Standards for Certified Fraud Examiners
IIA Professional Standards Fraud and Technology
10
© AuditNet® 2013
7/12/2013
6
Certifications for Fraud Auditors11
Initials Description Organization
CITP Certified Information Technology Professional (CITP AICPA
CFE Certified Fraud Examiner ACFE
CFF Certified in Financial Forensics AICPA
CAMS Certified Anti-Money Laundering Specialist ACALS
CFFA Certified Forensic Financial Analyst (NACVA)
CIFI Certified Insurance Fraud Investigator IASIU
CBCO Certified Bank Compliance Officer BAI
CISA Certified Information Systems Auditor ISACA
CIA Certified Internal Auditors CIA
CPA Certified Public Accountant AICPA
© AuditNet® 2013
New Technologies and their Impact
Mobile computing
The Cloud or Internet based services SaaS (application based) PaaS (end to end SDLC) IaaS (servers, storage, network)
12
© AuditNet® 2013
7/12/2013
7
Social Media
Social Media Defined
The good the bad and the ugly
What is the primary risk?
13
© AuditNet® 2013
Technology as an Enabler
There is a wide array of specialized tools to support and enhance the entire spectrum of internal audit processes … for the most part (auditors) are not taking advantage of them
Not surprisingly, survey participants predict that
technology will affect internal audit roles and
responsibilities more than any other business
trend.PwC 2010 Study on the State of the internal audit profession
14
© AuditNet® 2013
7/12/2013
8
Audit Software15
© AuditNet® 2013
Categories of Audit Software Technology
AutomatedIssues
Tracking
ElectronicWork Papers
RiskAssessment
ContinuousControls
Monitoring
Anti FraudSoftware
GRC
Audit Management
Software
Audit Resource
Scheduling
DataAnalytics
16
© AuditNet® 2013
7/12/2013
9
Data Analysis for Auditors and CFE’s
Although internal auditors have been doing data analysis for more than 25 years, it has only recently started to become standard practice.
By our nature, most accountants and auditors are inclined to stick with what has worked in the past, rather than reach outside our comfort zone for an alternative that could help us accomplish more.
Do you reach outside your comfort zone?
17
© AuditNet® 2013
New Tools New Approach
Technology advances require a change in the approach for detecting and investigating fraud
Fraud risk analysis is now a required part of an auditors responsibilities
Proactive approach to detecting fraud
Identifying risks early using audit software to detect anomalies is no longer optional
Data analytic KSA’s now a basic facet of an auditor’s toolbox
18
© AuditNet® 2013
7/12/2013
10
Obstacles to Implementation
Failure to plan for use Lack of an FRA methodology Skill set gap - Department size Cost implication Complexity of the software Resistance in training auditors Failure of software to meet audit departments needs
19
© AuditNet® 2013
Heard on the Street
Technology Initiatives considered having the most impact (2012 AICPA Top Technology Issues)
1.Information security2.Remote access3.Control and use of mobile devices4.Business process improvement with technology5.Data retention policies and structure6.Privacy policies and compliance7.Staff and management training8.Spreadsheet management9.Overall data proliferation and control10.Portals (vendor and client/customer)
20
© AuditNet® 2013
7/12/2013
11
New Tools for Fraud Examiners21
© AuditNet® 2013
New Tools
Sept, 2008…. Any device, Any time, Any
where was born
Users not interested in security, they want to trust, not to be trusted
Any unprotected device connected to both the Internet & and company LAN poses a security risk
22
© AuditNet® 2013
7/12/2013
12
Impact of Technology on Detecting Fraud
Proactive Fraud Detection Computer-aided fraud detection skills
Data Extraction
Scripting
Analyzing Data
Automation
Data is the key to detecting fraud with technology
Benford’s Law analysis using technology
Continuous monitoring software suites
23
© AuditNet® 2013
Impact of Technology on Detecting Fraud
Digital Information Explosion (DIE) has created greater opportunities for fraud examiners and auditors. Asset recovery Anomalies in data through 100% analysis Examining digital information on mobile devices Using social media to profile fraudsters Social Network Analysis (SNA) Using data analytics to detect property and casualty
claims fraud
24
© AuditNet® 2013
7/12/2013
13
Audit Apps for iPhones/iPads25
© AuditNet® 2013
Imagine the Possibilities
Access your computer from remote locations Collaborate using tools from the road Access audit programs, work papers and more
from your mobile device Join Anti-Fraud Webinars and Webcasts for
training Conduct or participate in virtual meetings with
staff, clients etc.
26
© AuditNet® 2013
7/12/2013
14
Trends and their Impact
Mobile devices and wireless computing
Smart devices and malware
Cloud sourcing and computing – security, governance and compliance
Social media platform for communications
Continuous risk and control assessment
Reporting to the Board using SOTA technology
27
© AuditNet® 2013
Skill Set for Future Auditors
Multi-disciplinary less accountants more business oriented
Critical thinking skills
Strong communication skills
Audit Technology oriented
28
© AuditNet® 2013
7/12/2013
15
The Impact of Technology Observations
Not surprisingly, survey participants predict thattechnology will affect internal audit roles andresponsibilities more than any other businesstrend.High-performing internal audit functions maximizethe use of technology to enhance the efficiency,effectiveness, and quality of operations.
PwC 2012 Study on the State of the internal audit profession
29
© AuditNet® 2013
AuditNet® Survey - 2012 State of Technology Use by Auditors
Profile of Over 1,500 Responses• 45% 5 or less auditors• Technology tools used – mostly data analytics and
EWP • Technology tools least used – monitoring (continuous
audit and fraud), GRC, risk compliance• Only 17% feel that their auditors are technology
proficient• Technology training primarily OJT• 35% maintain an inventory of audit technology
tools• More than half (54%) rated their department at the
informal use level (ad hoc or none at all) for audit technology
• Less than 4% rated their department at the highest maturity level
30
© AuditNet® 2013
7/12/2013
16
AuditNet® 10 Point Action Plan for Integrating Technology in Audit
1. Conduct an inventory of audit technology tools2. Provide training for all staff in use of audit
technology3. Measure staff technology KSA4. Build a business case for audit technology5. Work with IT and Senior Management on cost6. Hire auditors with technology skills7. Find a technology champion and influencer8. Establish an audit technology assessment
benchmark and update annually9. Require the use of technology for all audit and
administrative tasks10. Develop a succession plan so that audit software
does not become shelfware
31
© AuditNet® 2013
Strategic Fraud Detection Approach
32
© AuditNet® 2013
Source: Strategic Fraud Detection: A Technology-Based ModelConan C. Albrecht W. Steve Albrecht
7/12/2013
17
Future Predictions
Standards will mandate use of technology tools for audit
New generation of auditors must have the KSA to utilize technology
If auditors and audit departments do not adapt to new technology they risk outsourcing
Social networking will evolve to professional networking
Tools will become more intuitive Knowledge hubs for audit tool, techniques and
resources will consolidate and merge
33
© AuditNet® 2013
Audit Programs and Guides
Auditor’s Guide to Cloud Computing - Security Considerations.xls
Cloud Matrix_Benefits & Risks.xls AuditNet® Guide to Social Networking AuditNet® Guide to Wireless Security Business Continuity Planning – A Diagnostic Tool Forensic Document Examination Data Analytics Enabled Audit Programs for Key Business
Processes AuditNet® is working to provide tools and resources to
keep pace with new technology!
34
© AuditNet® 2013
7/12/2013
18
Fraud Examiner Technology Resources
ACFE Seminars, Books and Training Introduction to Digital Forensics
Using Data Analytics to Detect Fraud
Investigating on the Internet
FraudResourceNet.com online training
Audit Software – ACL, IDEA, Excel, ActiveData, TopCAATs AuditNet® is working to provide tools and resources to
keep pace with new technology!
35
© AuditNet® 2013
Conclusion
I hope that I have provided you with some useful information that will stimulate your thought processes!
Any questions?
36
© AuditNet® 2013
7/12/2013
19
Contact Information
If you haven’t been to AuditNet recently please visit and see our new design and interface
Jim Kaplan CIA, CFE [email protected]://www.auditnet.org
37
© AuditNet® 2013