section 1: definition of fraud / fraud analysis coderre chapters...
TRANSCRIPT
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page1of13
Section1:DefinitionofFraud/FraudAnalysisCoderreChapters1–6,8,&9
1. Trueorfalse,isALLtheftfraud?a. Trueb. False
2. Trueorfalse,areALLdeceptivestatementsexamplesoffraud?
a. Trueb. False
3. Definethefraudtriangle.Useoneortwosentencestodescribeeachelementofthetriangle.
(Week1:Slide19&Page5Coderre)a. Opportunity:Theopportunityexistswhenthereareweakcontrolsand/orwhenan
individualisinapositionoftrust.Theopportunityforfraudoftenbeginswhenaninnocent,genuineerrorpassesunnoticed,exposingaweaknessintheinternalcontrols.
b. Pressure:Whilethepressuresonthosewhocommitfraudareoftenofafinancialnature,unrealisticcorporatetargetsmayalsoinfluenceapersontocommitfraudtomeetthetargets.
c. Rationalization:Therationalizationforfraudoftenincludesthesebeliefs:i. Theactivityisnotcriminal.ii. Theiractionsarejustified.iii. Theyaresimplyborrowingthemoney.iv. Theyareensuringthatcorporategoalsaremet.v. “Everyoneelseisdoingit”soitmustbeacceptable.
4. DataAnalysisisamethodforidentifyingthefraud.Whatarethethreestepsinvolvedtouse
dataforfraudidentification?Listthese.(Page75Coderre)
a) Identifytheobjectivesoftheinvestigation.b) Meetwiththedataownerandprogrammer.c) Definetheparametersfortherequireddata.
5. Whatassumptioncanauditorsmakewhensearchingforsourcesofinformation.Selectallthat
arecorrect.
a. Theinformationexistsinanelectronicform(Page58Coderre)b. Theinformationexistsandisaccessible(Ferrara)c. Thesystemshaveinformationownersandpermissionisavailabletoaccessthedata
(Ferrara)d. Thereisgooddocumentationonthedataandthewaythesystemstructuresthedatae. Thesystemownerisprobablyinvolvedinthefraudinsomewayf. Theinformationisnottaintedandisforensicallysoundg. Thedataiscleanandwillbeeasilyanalyzed
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page2of13
6. Whatarethethree(3)thingsauditorsmustbecarefultoavoid?(Page67Coderre)a. Improperlyextractingthesourcedata.Careisrequiredwhenextractinginformation
fromsystems.Fieldscanbelost,decimalplacesshifted,ordatacorrupted.b. Misinterpretingthedata.Evenifthedataiscorrect,itcanbemisread.Forexample,a
filecontainingbothdebitsandcreditsmaybereadasdebitsonly.Auditorsalsocanfalselyassumethatafieldmarked“location”inthepersonnelfilewillconsistentlydesignateanemployee’sphysicallocationorthattherearenoadditionalemployeesatthesamelocationwhoarenotsocoded.
c. Forgettingtoconsiderreal-lifeissues.Evenwithuncorrupteddatathatiscorrectlyunderstood,practicalfactorscanmakeahugedifferencetoone’sconclusions.Consideradataentrysectionwhoseincreasederrorrateatthenewfacilitywascausedbytheafternoonsun’sglareandacaseofcolorblindnessamongtheoperators.
7. InACLwhatdoesafilterdo?(Choosetheone(1)correct/bestanswer.)a. Screensoutharmfulradiationfromyourcomputerscreenb. Identifiesonlythoserecordsmeetinguserdefinedcriteriac. ReducestheamountofinaccuratedatainanACLdatafiled. Alloftheabove.
8. InACLwhatissummarization?Whatfunctiondoesitprovide?
Summarizationcreatesanoverviewthatcanhelpidentifytrendsoranomalieswithinthedata.Thefunctionessentiallyisagroupingoperations.“Theygrouptherecordsinatableintonumericintervals,oragingperiods,orgroupsbasedonvalues,orcombinationsofvalues,infields.Oncerecordsaregrouped,varioussortsofpatternscanbecomemoreevident.”
Source:"SummarizingData."Help-ACLAnalytics11.ACLServicesLtd.,n.d.Web.23Feb.2016.<http://docs.acl.com/acl/11/index.jsp?topic=%2Fcom.acl.user_guide.help%2Ftable_definition%2Fc_about_the_data_definition_wizard.html>.
9. InACLwhatdoesthecountfunctiondo?Whatfunctiondoesitprovide?
Countis“Usedtocountthetotalnumberofrecordsinthecurrentview,oronlythoserecordsthatmeetthespecifiedtestconditions.”Thefunctionprovidesanumericvalueoffrequencydependingontheselectedcriteria.
Source:"ACLScriptCommandReference."Help-ACLAnalytics11.ACLServicesLtd.,n.d.Web.23Feb.2016.<http://docs.acl.com/acl/11/index.jsp?topic=%2Fcom.acl.language.help%2Flang_ref_commands%2Fr_command_reference.html>.
10. InACLwhatdoestheDataDefinitionWizardDo?HowdoyoustarttheDataDefinitionWizard?
“TheDataDefinitionWizardisacomponentoftheACLuserinterfacethatyouusetodefineACLtables.Itprovidesastandardwaytoaccessawidevarietyofdatasources.Thebasic
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page3of13
processfordefininganACLtablefromadatasourceisconsistent,butdependingonthetypeofdatasourcesomeoftherequiredstepsmaybecompletedautomaticallybyACL.“
HowtostarttheDataDefinitionWizard:File>New>Table
Source:"AbouttheDataDefinitionWizard."AbouttheDataDefinitionWizard.ACLServicesLtd.,n.d.Web.23Feb.2016.<http://docs.acl.com/acl/11/index.jsp?topic=%2Fcom.acl.user_guide.help%2Ftable_definition%2Fc_about_the_data_definition_wizard.html>.
Section2:ACLAuditPlanning
Upuntilnowyouhaveworkedwithdatathatislargelyuniformandeasytomanipulate.Wecallthis“cleandata.Inthisexamyouwillbeaskedtoworkwithdatathatwillneedsomecleanup.InthiscasewewillusedatafrombothAprilandMay’stransactionsfromthetestdatainthe“ACLSampleDataFilesDirectory”.UsetheprojectyousetupforLabs02and03forthisexam.
1. DevelopaninvestigationplanfortheexerciseinSection3ofthisexam.Completethetablebelow
ACLAnalysisPlan
Describetheinformationyouneedandhave
Need:• Date• TransactionAmount• CompanyCode• Description• CreditCardUsed• EmployeeName• EmployeeID• EmployeeDepartment• HRRepresentative
Clearance#
Have:• Date• TransactionAmount• CompanyCode• Description• CreditCardUsed• EmployeeName(DifferentTable)• EmployeeID(DifferentTable)• EmployeeDepartment(Different
Table)
Describethelocationoftheinformation(e.g.localfilesystem,USBdrive,etc.)
WewillreceivethisinformationfromtheHRReimbursementSystem.Additionally,fileswillbeextractedfromthelocalAccountingdepartmentdrivesandfilestoensurethatthetransactionswereconsistentthroughouttheprocess.TransportationofdatacanbedonethroughencryptedUSBsoriffeasible,CD-ROM.
Describeanyrelatedprojects(hint:labsperformedinthisclass)
Weperformedasimilaranalysisfor“Acceptable”and“Unacceptable”transactionsinApril.WewereabletosummaryandidentifyalltransactionsinAprilaswellasaffiliateddepartmentsandwhetherthetransactionswerebilledtointernaldepartmentsorexternalclients
Listthetablenamesyouwillimportandcreateandtheirassociateddatafiles
WewillexporttheTrans_May.xlsfileanditstwopages(Trans1_MayandTrans2_May)intoACL.Fromthere,wewillbeabletojointhosetwotablesinto“Trans_May_All.”
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page4of13
Brieflydescribetheprocessyouwilltaketoanalyzethefiles
Afterensuringthatalldatafieldsareaccurateandconsistent,Iwillcrosscheckalltransactionscodesto“UnacceptableCodes”todeterminewhichtransactionsare“Unacceptable.”Fromthestanceofauditingvendors,IwillsummarizethefrequencyofvendortransactionsthroughoutMayandnoteanytransactionanomalies.
Listthelocationoftheoutputfiles(e.g.localdisk,USB,etc.)
FromACL,allthefindingswillbeexportedtoanExcelorAccessfilewherefinalpresentationswillbedeliveredtouppermanagementandsupervisors.
Section3:ACL-WorkingwithData
Usechapter8and9oftheACLinPracticeTutorialandtheassociatedpracticedatatocompletethissection.Pleasecompletethefollowingexercisesandsubmityourresults.RefertoChapter7wherenecessary.Screenshotsareacceptablebuttheymustbeclearlyreadableinyoursubmission.
PerformallofthetasksoutlinedinChapter7(Seepage63-ofACLinPracticeformoredetails)andthenperformthefollowingexercises:
1. ExamStep1–Importandcorrectthestructureoftwodatasourcesa. TheTrans_May.xlscontainstwoworksheets.Importbothworksheetsfromthesame
fileintoACL.Nameeachtable.Submitthetwonewtables.
b. Editthetablelayoutforbothnewtables.
i. EdittheAMOUNT,CARDNUM,andCODESfields.1. AMOUNT:SettheDataTypetobeNUMERICwithFormat-999999.992. CARDNUM:SettheDataTypetoASCII.3. CODES:SettheDataTypetoASCII.
ii. Verifyallfields.iii. Submittheresultsoftheverificationandchanges.
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page5of13
May1 May2
c. Comparethelayoutofbothtables.Submittheresults.
May1 May2
d. Correctanytablelayoutdifferences.e. Combinethetwotableswithanyofthefollowingmethods:
i. Joinii. Relationsiii. Extractandappendiv. Merge
f. Namethenewtable.Submittheresultsofthecombinedtables.
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page6of13
g. Runtheprofilecommandonthecombinedtables.Submittheresults.
h. CheckthetableforduplicatesintheCUSTNOfield.Submittheresults.
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page7of13
i. Whywouldthisbesignificant?Submityouranswerinonetothreesentences.
Duplicateswithinthistablewouldbesignificantbecauseitdisplaysvendors(CUSTNO)that(whohavehadmorethanoneofthesametransaction)couldbepotentialsuspectsoffraud.
2. ExamStep2–Checkthevalidityandformatofthecreditcardnumbersa. FromthecombinedtableyoucreatedinStep1,determinewhichcardnumbersinthe
tablehaveaninvalidformat.Cardnumbersmusthave16digitsandnoothercharacters.Submittheresults.
b. Command:NOTMAP(ALLTRIM(CARDNUM),"9999999999999999")c. Result:5Records
d. Also,counttherecordsandsubmittheresults.
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page8of13
e. CommandLine:COUNT
f. Createacomputedfieldtochangecreditcardnumbersfromthisformat:
8590122497663807tothisformat8590-1224-9766-3807.Submittheresults.
Option1(Good)
Fromthealreadycreated“CCN_Corrected=AllTrim(Include(cardnum,"0123456789")),”Icreatedthreemoreadditionalexpressionstoadd“-”everyfourdigits:
• CCN_Dashes_1=INSERT(CCN_Corrected,"-",5)• CCN_Dashes_2=INSERT(CCN_Dashes_1,"-",10)• CCN_Dashes_3=INSERT(CCN_Dashes_2,"-",15)
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page9of13
Option2:(Better)
Useanestedfunction.
Expression:INSERT(INSERT(INSERT(REMOVE(CARDNUM,"0123456789"),"-",13),"-",9),"-",5)
g. ExamStep3–Examinethetransactions.Whichofthetransactionshaveunacceptable
merchants(e.g.EscortServices)?i. ImporttheUnacceptableCodestablefromthelabs:Unacceptable_Codes.txtii. Cleanthecodescolumniii. Createarelationbetweenthetwoiv. CreateafilterwhereTrans_All.Codes=Unaceptable_Codes.Codesv. 9records
h. Whichvendors(CUSTNO)haveseveral(3ormore)transactionsoverabriefperiodsof
time(3days?)
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page10of13
i. UsetheCross-tabulatecommand.j. Command:CROSSTABONDATE(DATE)COLUMNSCUSTNOTOSCREEN
i. UsetheDATE()functiontoconvertdatetoASCIIsoyoucancross-tabulatethedata.
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page11of13
1. TheTotal#oftransactionsis200.2. Now,bycross-tabulatingthedata,wecanfocusonwhichvendorshavemorethanaverage
transactionsoverthecourseofamonth.3. VendorsinREDhaveahighnumberoftransactions.4. Manyfallwithina3-dayperiod.
Option1:
Command:SUMMARIZEONCUSTNODATEOTHERCUSTNOCODESDESCRIPTIONTOSCREENPRESORTTable:Trans_May_All
Etc.
?
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page12of13
Option2:
CrossTabulateonDateandCodes.
5. Toproperlyanswerthequestion,I’veprovidedatablebelow:
Vendorsthathavehadmorethanthreetransactionsoverathreedayperiod
Top5VendorsthatpushedthemosttransactionsinMay
SAMPLESOLUTIONMIS5208Mid-TermExamWednesdayFebruary24th2016Page13of13
• 51593• 202028• 250402• 284354• 359310• 444413• 503458• 778088• 812465• 925007• 962353• Onlyonedidn’t(878035)
• 051593• 202028• 503458• 778088• 812465
k. Whywouldthisanyorallofthisinformationbehelpfulindeterminingfraud?
Byanalyzingthefrequencyoftransactions,wecandeterminestrangefrequencies(vendorsthatchargemorefrequentlyoverthemonth),andthiscouldbeagoodindicatorifthevendoriscommittingafraudgiventhattheyarenotfollowing“normal”transactionpatterns.
Thesevendorswouldneedadeeperdiveoftheirpurchases,descriptions,amounts,andpurposeoftransactions.Forexample:lookingforduplicatetransactions.