Last month’s trivia questions and answers...
What is the full name of the person who first perpetrated the Ponzi scheme?
Despite the notoriety of Charles Ponzi, the scheme that carries his name, it was first perpetrated by Sarah Howe in Boston in 1879.
A common theme among Ponzi schemes is “irrational exuberance.” Which flower was the first to be involved in irrational exuberance”?
Irrational exuberance goes back as far as the tulip mania of the 1600s in the Netherlands.
FYI, What Is Irrational Exuberance?
Irrational exuberance refers to investor enthusiasm that drives asset prices higher than those assets' fundamentals justify. The term was popularized by former Fed chair Alan Greenspan in a 1996 speech, "The Challenge of Central Banking in a Democratic Society." The speech was given near the beginning of the 1990s dot-com bubble, a textbook example of irrational exuberance. Source: By Adam Hayes in Investopedia.
Side note: Do you see the connection between irrational exuberance and the fraud triangle?
Let us make audit the number one reason for fraud detection!
My blogs in 2022 will have one constant theme: making audit the number one reason for fraud detection.
I will explore the reasons why audit remains a distant second in the fraud detection surveys and provide guidance on how the audit profession can become the number one reason for fraud detection. I will also acknowledge fraud audit professionals who I believe have significantly contributed to the fraud audit profession.
To start, I looked at the ACFE Annual Report, the section on Detection of Fraud Schemes for 2020, 2016, and 2010. Effectively, we have not improved. We are a distant second to “Tips,” which remains the number one reason for fraud detection. During the last ten years, we have ranged from fourteen to sixteen percent of the cases reported in the ACFE Annual report.
The question we must ask ourselves is simple: Is today’s audit designed to detect fraud? There is no question in my mind that our customers or stakeholders expect an audit to discover fraud. There is no doubt in my mind that the audit profession has shied away from the responsibility for fraud detection. But I believe that if you study the professional standards for the last twenty-five years, you will see a slow-moving process towards greater responsibility - starting with the AICPA auditing standard # 99 that has the phrase “consider fraud” to the IIA Competency Framework recognizing fraud as a competency needed to meet the requirements of the International Professional Practices Framework. So, step one in making audit the number reason for fraud detection is to acquire knowledge.
Building Your Road Map to Become a Master of Fraud Auditing:
The IIA has developed a document titled Internal Audit Competency Framework. It describes three levels of competency:: general awareness, applied knowledge, and expert knowledge. I encourage you to read the IIA document. For your ease, here is the fraud competency section:
General Awareness: Recognize types of fraud, fraud risk, and red flags of fraud.
Applied Knowledge: Evaluate the potential for fraud and how the organization detects and manages fraud risks; recommend controls to prevent and detect fraud and educate to improve the organization's fraud awareness
Expert: Apply forensic auditing techniques in fraud prevention, deterrence, and investigation
You will need to acquire the knowledge of fraud risk and then learn how to apply it in the search for fraud in core business systems. I offer the following framework for you or your department to build the skills for audit to become the number one reason for fraud detection.
The Science of Fraud Risk and Fraud Auditing Skills:
- Understanding the fraud universe
- Knowledge of fraud audit theory
- Knowledge of sufficiency of audit evidence
- Understanding sophistication of concealment theory
The Art of Fraud Risk and Fraud Auditing Skills:
- Knowing how to create a fraud audit program
- Calibrating your audit program for the sophistication of concealment
- Evaluating sufficiency of audit evidence
- Determining the degree of certainty to arrive at a conclusion
Now let us merge the IIA framework with my framework for fraud risk and fraud auditing. To illustrate, I will explain one bullet point from the science and one bullet from the art section.
Science of Fraud Risk
The fraud risk universe is all the fraud risk statements facing an organization. The fraud universe is both the known fraud risks and the unknown or future fraud risks. The starting point of fraud risk management is the identification of fraud risk statements.
General awareness the auditor can apply the methodology of fraud risk identification for known fraud risks within the big three categories, asset misappropriation, corruption, and financial reporting. The auditor understands the difference between a fraud risk statement and a fraud scenario.
Applied knowledge the auditor can identify the fraud scenarios associated with the fraud risk statement, internal control vulnerability, and the sophistication of fraud concealment. The auditor can create a fraud risk assessment and help identify the right internal controls to mitigate the fraud risk to an acceptable level. Lastly, the auditor can educate management on the exposures and costs associated with the fraud risk.
Expert Knowledge the auditor can identify all known fraud risk statements for all primary categories and assist management in identifying future fraud risk statements and fraud scenarios that could impact the organization. The auditor can build a fraud audit program.
The Art of Fraud Risk
A fraud audit program has four components: fraud risk statement; fraud data analytics, fraud test procedures, and fraud risk statement conclusions.
General awareness the auditor can write the fraud risk statement using the five components and identify the red flags associated with the specific fraud risk statement within the scope of the audit.
Applied knowledge can perform the planning phase of the fraud audit, use data analytics to predict the likelihood of fraud risk statements in core business systems, create a high-level fraud risk assessment, and offer control recommendations for known fraud risk statements.
Expert knowledge can perform fraud data analytics and gather evidence to formulate conclusions regarding whether or whether not the fraud risk statement is occurring in a core business system.
So, here are my recommendations for using the IIA Competency Framework
- Determine the desired skill set for your department or for yourself: general; applied or expert.
- Using my framework in combination with the IIA framework, identify the necessary skills.
- Develop the action plan to acquire or develop those skills.
- Start with a pilot study to apply the concepts. Note that you will likely have challenges in going from the science phase to the application phase, which is normal.
Fraud Quiz
Which country offers an online fraud quiz to test its citizens' awareness of fraud?
What was the first recorded fraud?