3. • Data collection frauds involve entering
falsified data into the system by
deleting, altering or creating a
transaction.
• Masquerading involves gaining remote
access by pretending to be an
authorized user. Piggybacking involves
latching onto an authorized user in the
system. Hacking involves both schemes
motivated by the challenge of trying to3 01/01/2017Information System UIN Suska Riau
4. • Data processing: A series of actions or steps
performed on data to verify, organize,
transform, integrate, and extract data in an
appropriate output form for subsequent use.
Methods of processing must be rigorously
documented to ensure the utility and integrity
of the data.
• Data processing frauds are in two classes:
• Program fraud includes creating illegal
programs or destroying, corrupting or
altering computer logic to cause data to be
CONTINUE
...
01/01/2017Information System UIN Suska Riau
4
5. Database management fraud involves altering,
deleting, corrupting, destroying, or stealing an
organization’s data.
Often associated with transaction or program
fraud and disgruntled employees who may copy,
sell or destroy data.
01/01/2017Information System UIN Suska Riau
5
6. CONTINUE
...
Information generation fraud involves stealing,
misdirecting or misusing computer output.
Useful information has: relevance,
timeliness, accuracy, completeness and
summarization.
Scavenging involves searching for discarded
output.
Eavesdropping involves listening to output
transmissions over telecommunication lines.01/01/2017Information System UIN Suska Riau
6
7. • Description and characteristics of fraud
• Professional skepticism
• Engagement personnel discussion
• Obtaining audit evidence and information
• Identifying risks
• Assessing the identified risks
• Responding to the
assessment
• Evaluating audit evidence
and information
• Communicating possible
fraud
• Documenting consideration
of fraud
o Auditor also required to assess risk factors
related to fraudulent financial reporting and
misappropriation of assets. 01/01/2017Information System UIN Suska Riau
7
8. Risk factors:
Management’s characteristics and
influence over the control
environment, industry conditions and
operating characteristics and
financial stability.
Common schemes:
Improper revenue recognition or
treatment of sales.
Improper asset valuation or deferral
of costs and expenses.
Improper recording of liabilities.
Inadequate disclosures. 01/01/2017Information System UIN Suska Riau
8
9. Risk factors:
Susceptibility of assets to
misappropriation and controls.
Common schemes:
Personal purchases or ghost employees.
Fictitious expenses or altered payee.
Pass-through vendors.
Theft of cash (or inventory).
Lapping.
01/01/2017Information System UIN Suska Riau
9
10. Judgments about the risk of material
misstatements may affect the audit in
regards to:
Engagement staffing, extent of
supervision, professional
skepticism, nature, timing, extent
of procedures performed.
01/01/2017Information System UIN Suska Riau
10
11. Risk of material misstatement due to
fraud always exists. Auditor:
may determine currently planned
audit procedures are sufficient to
respond to risk factors.
may determine to extend audit and
modify planned procedures.
may conclude procedures cannot be
modified sufficiently to address
CONTINUE
...
01/01/2017Information System UIN Suska Riau
11
12. 01/01/2017Information System UIN Suska Riau
12
Auditors will enter a much expanded arena of
procedures to detect fraud as they implement SAS no.
99. The new standard aims to have the auditor’s
consideration of fraud seamlessly blended into the
audit process and continually updated until the
audit’s completion. SAS no. 99 describes a process in
which the auditor
1) gathers information needed to identify risks of
material misstatement due to fraud,
2) assesses these risks after taking into account an
evaluation of the entity’s programs and controls and
13. 01/01/2017Information System UIN Suska Riau
13CONTINUE
...
If no material effect: Refer matter to
management and ensure implications to other
aspects of audit have been addressed.
If effect is material or undeterminable:
Consider implications for other aspects
of the audit.
Discuss with senior management and audit
committee.
Attempt to determine if material effect.
Suggest client consult with legal
counsel.
14. 01/01/2017Information System UIN Suska Riau
14
Working papers document criteria used
for assessing fraud risk:
Where risk factors are identified,
documentation should include.
those risk factors identified and
auditor’s response to them.
CONTINUE
...
15. 01/01/2017Information System UIN Suska Riau
15
Payroll fraud:
Use expression builder to test for
excessive hours worked.
Use duplicate function to test for
duplicate payments.
Use join function to link payroll
and employee files to test for non-
existent employees.
16. 01/01/2017Information System UIN Suska Riau
16CONTINUE
...
Lapping Accounts Receivable:
Use expression builder to locate and
investigate invoices whose Remittance
Amount is less than the Invoice
Amount.
Calculate the amounts carried forward
and use the duplicates command to
search for carry-forward amounts that
are the same.