Chapter 10

Using Information Technology

for Fraud Examination and

Financial Forensics

Critical Thinking Exercise

A married couple goes to a movie. During the movie the husband strangles the wife. He is able to get her body home without attracting attention. How is this possible?

The Digital Environment

• “Garbage-in, garbage-out”

• Maintain data integrity

• Be able to prove origins and credibility of the data

Overview of Information Technology Controls

• IT audit– Planning– Tests of controls– Substantive tests

• Computer-Aided Audit Tools and Techniques (CAATT)• Application controls– Source documents– Data coding controls– Batch controls– Validation controls– Record validation– Examination of application input system

Overview of Information Technology Controls

• Processing controls– Ensure processed data maintains its integrity as it

moves within the system

• Output controls– Spooling– Print programs and bursting– Monitor waste– Identify responsibility

Overview of Information Technology Controls

• General framework for viewing IT risks and controls– IT operations– Data management systems– New systems development and integration– Systems maintenance– Systems back-up and contingency planning– Electronic commerce– Control over computer operations

IT Audits and Assurance Activities• Black box approach– Develop understanding of the system– Test integrity of data and system

• White box approach– System walk-throughs (tracing)– Authenticity– Accuracy– Completeness– Redundancy– Access audit trail– Rounding error test

IT Audits and Assurance Activities

• IT systems personnel may be colluding to conceal fraud

• Few understand information technology

• IT professional may substitute inappropriate version of software to alter data

• IT auditor must ensure entire control environment is examined

Digital Evidence• Digital evidence analysis helps sift through,

organize and analyze large amounts of evidence– Must be examined with speed and accuracy

• Electronic Imaging• Computer forensics• Warrant or subpoena required to obtain digital

evidence– Probable cause

• Initial acquisition• Maintain good work papers

Tools Used to Gather Digital Evidence• Road MASSter– Portable computer forensic lab– Acquire and analyze electronic data– Preview and image hard drives– Completely remove and erase stored files and

programs from hard drives• EnCase– Investigate and analyze data in multiple platforms– Identify information despite efforts to hide, cloak

or delete data– Manage large volumes of computer evidence

Recovering Deleted Files• Deleted files aren’t removed from hard drive• Until computer reuses space where file

resides, the data in the file will remain intact• Defrag command– Reorganize hard drive for more efficient data

storage

• Undelete software– Searches for clues as to the locations of the disk

space where the deleted file resides– Examine unallocated disk space

Recovering Deleted Email• Emails are stored in mail folders• Each folder is considered a separate file• Prior to compaction, deleted emails may be

recovered using software• E-discovery rules require organizations to

provide electronic files going back in time– Probability of deleted email recovery is greatly

enhanced

Restoring Data• More sophisticated approach• Restore lost files under more challenging

circumstances• Stop writing to drive to increase probability of

recovering data• High security or privacy software make the

chance of restoring files non-existent• Manual restoration is sometimes needed– Cost-benefit analysis

Detection and Investigation in a Digital Environment

• Must have understanding of what could go wrong

• Targeted approach required• “Flat file”– Sequential, indexed, hashing and pointer file

structures

• “Hierarchical and network database”– Relational

• “Rifle shot approach”

Data Extraction and Analysis Software Functions

• Sorting• Record selection and extraction• Joining files• Multi-file processing• Correlation analysis• Verifying multiples of a number• Compliance verification• Duplicate searches• Vertical ratio analysis• Horizontal ration analysis• Date functions• Recalculations• Transactions and balances exceeding expectations

Data Extraction and Analysis Software

• Choose based on individual case• Which is most appropriate for current

investigation?• Two categories of data mining and knowledge

discovery software– Public domain/shareware/freeware– Commercial applications

IDEA data Analysis Software• Interactive Data Extraction & Analysis• Generalized audit software• Imports data in differing file formats• Examine file statistics and observe raw data

values underlying those statistics• Bender’s Law analyses• Compare and recalculate invoices• Helps organize work

ACL• Audit Control Language• Audit analytics and continuous monitoring software• Ensure internal controls compliance• Investigate and detect fraudulent activity• Continuous auditing• Independent verification of transactional data• ACL uses in digital environment– Audit analytics– Continuous auditing and monitoring– Fraud detection and investigation– Regulatory compliance– Secure data access

Picalo• Data extraction and analysis tools• Used to analyze– Financial information– Employee records– Purchasing systems– Accounts receivable and payables– Sales– Inventory systems

• Can be programmed to– analyze network activities– web server logs– system login records – import email into relational or text-based databases

Graphics and Graphics Software• Most people are overwhelmed by a page of

numbers• Three roles in an investigation– Investigative tool– Identify holes– Communicate investigative findings, conclusions and

results• Types of graphics software– The association matrix– Link charts– Flow Diagrams– Time Lines

The Association Matrix• Identifies major players who are central to an

investigation• Identify linkages between those players• Starting point for reflecting important data in

a simplified format• Helps investigator visually see important links

The Association Matrix

Link Charts• More complex than association matrices• Graphically represent important relationships– Linkages between people, businesses and

“organizations”

• Create graphic representation of known and suspected associations that are involved in criminal activity

Link Charts

Flow Diagrams• Analyze movement of events, activities and

commodities• Discover meaning of activities and their

importance to the investigation

Flow Diagram

Timeline

• Chronologically organize information about events or activities

• Help determine what has or may have occurred and the impact those actions had

Timeline

Other Graphical Formats

Case Management Software• Manage cases and case data• Organize case data in meaningful ways• Present information for use in reports or

during testimony• Used to initiate investigations• Case management software tools– Analyst’s Notebook i2– Lexis-Nexis CaseMap

Analyst’s Notebook i2

• Visualize complex schemes• Organize and analyze large volumes of

seemingly unrelated data• Bring clarity to complex investigations,

schemes and scenarios• Increase evidence management efficiency

Lexis-Nexis CaseMap• Central repository for case knowledge• Organize information, facts, evidence,

documents, people, case issues and applicable law

• Evaluates relationships between different attributes of the case information

• TimeMap• TextMap• NoteMap• DepMap