When should a company consider a forensic audit?

Forensic Audit is a detailed examination of the financial and operational records of a business with the objective to find any evidence that supports or proves that fraudulent activity has indeed occurred and to what extent it has occurred. This evidence from the conclusion of a fraud investigation is often used as evidence in legal proceedings in court.

In order to truly understand what a forensic audit is, it is important for us to take a step back and define some other important concepts and terms, then we can properly understand the background and the links to forensic investigations and audits.

Forensic auditing can be tied closely to internal audit and fraud.

Internal Audit:   According to the IIA (Institute of Internal Auditors) internal Audit is an independent objective, assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

In other words, internal audit is an evaluation of a company’s internal controls, risk management, governance and accounting procedures in place and to determine if they are working as required and if they are functioning in a manner that will assist a company in accomplishing its organisational goals. 

Internal auditors cover compliance with laws and regulations, as well as determining if what is in place is what is planned to be in place and if it is adequate. Furthermore Internal audit will determine if the procedures in place are functioning as they are intended to. Due to this, internal audit can assist management in determining if operations are functioning in an adequate, efficient, economical and, most importantly, effective manner. Please note that this assistance is from an objective and independent perspective.

Forensic audits take this one step further and often can flow from an internal audit. During an internal audit, the evaluators may become aware of certain indicators that may imply potential fraudulent activity is occurring through Fraud Red flag indicators. In these instances a more in depth analysis audit, which is investigative and interrogative in nature, may need to occur and this is known as a forensic audit.

At this stage it is important to discuss what Fraud is as this outlines what is assessed for in a Forensic Audit. Fraud at its core is intentional deception for personal unlawful, unethical gain. Fraud violates numerous laws and can result in money, property and legal rights being lost. It deprives fraud victims of money or monetary valued items.

Committing fraud is a crime. The following are some forms of fraud:

Consumer fraud

Targeting individuals through pyramid schemes, telecommunications or bogus false advertising.

Intellectual property theft

This involves stealing trade secrets, patents, copyrights, inventions or mindful creations of individuals or entities and calling it your own

Corruption

This is a dishonest act that involves bribery, extortions, embezzlement, intimidation, kickbacks and theft to name a few.

Fraudulent statement fraud

Enlarging and overstating revenues, understating costs and overstating assets aligned with understanding liabilities to provide a more favourable financial position.

Insurance and banking fraud

Bogus false insurance claims for health or business purposes or fraudulent bankruptcy applications.

Asset misappropriations

This impacts financial statements often but it involves skimming cash, misuse of company assets, larceny and theft.

Fraud can be a complex concept to understand but a simple shape has been used to help explain fraud and why is occurs. In 1970,  Dr Donald R Cressey published the Fraud Triangle this outlines three conditions that lead to fraud. The three sides which make up the triangle include pressure (motivation), opportunity and rationalisation. When all three components are present or exist, there is a high likelihood that fraud will occur.

Pressure (Motivation)

This is the reason behind committing the fraud. The motivation behind the fraud could be the pressure of personal finance, pressure from superiors, sudden changes in circumstances, a sense of being unfairly treated or the pressure of status (lifestyle).

Opportunity

This component is not impacted by a potential fraudster’s needs or desperation. This component determines if there was a chance to commit fraud without being caught. This often comes about due to unenforced controls, weak controls, absent controls, unmonitored operations and negligence. (Controls meaning the actions and protocols in place, either manual or automatic, to keep the risk of fraud at bay and mitigate the occurrence of fraud)

Rationalisation

Where the pressure and opportunity is in place, this component is how a potential fraudster will rationalise and justify to themselves that this intentional act of deceit is fine to perform. Rationalisation is often accomplished through saying that the crime is not that bad and that everyone does it. Fraudsters often persuade themselves with saying phrases like “I deserve this”, “They waste so much money anyway” and “I will hardly impact the company”, to name a few.

Now that the deceitful act of committing fraud has been defined along we internal audit, we can take that step forward into once again what a forensic audit is and when it is appropriate to perform one.

As mentioned above, a forensic audit is an examination and an evaluation of a company’s or an individual’s financial and operational records to find evidence of fraud being committed, to uncover where criminal operations and behaviours have occurred and to use this evidence in legal proceedings. The reason why forensic audits my be chosen for fraud investigations over regular audits is that the evidence found in forensic audits more often than not will be used in court to either prove that the fraud occurred or that it did not.

As with many audits, forensic audits are carried out in a similar fashion in which planning, performing and reporting on the findings of the audit is required. A fundamental aspect of forensic audits is planning the audit and ascertaining the objectives.

Common questions to answer are:

  • How did it happen?
  • What happened?
  • Why did it happen?
  • Who was involved?
  • How much loss occurred?
  • How can we prevent and detect fraud in the future?

Once all objectives and questions have been answered, evidence is structured in a logical way and reported on to the requesting client. Legal proceedings may or may not flow from the report and its evidence. To ensure the best results flow from this, it is important that any complex matters in the case and stated and drawn out in layman’s terms to ensure there are no misunderstandings.

Should your company have a forensic audit?

There are many indicators that may lead to your companying needing a forensic audit to be carried out. The following are some red flag indicators in a behaviour manner that may suggest that fraud may be occurring.

If you believe that there may be:

  • Employees who are living a life beyond their means
  • Employees are in financial dire straits
  • Unsettlingly close relationships between employees and vendors or customers
  • Controls issues (employees unwilling to share duties with others)
  • Employees working for long hours and never taking leave

The following are some operational red flags that may also suggest that fraud may be occurring:

  • Lack of independent checks or audits periodically
  • Lack of management review and oversight
  • Employees abilities to override controls with no questions asked
  • Poor tone at the top
  • Lack of internal controls or a weak control environment
  • Internal Audit findings and conclusions recommending that a fraud investigation should occur

If any of these factors are present then a forensic audit should be considered. A gut feeling about possible deceitful intentions to defraud the company should also not be ignored.

Fraudsters may not have an opportunity to commit fraud if:

  • The company has strong organisational control
  • A Board of Directors takes responsibility for fraud governance
  • A culture of honesty and high ethics
  • There is widespread fraud prevention in place with good policies and procedures including strong fraud deterrence policies, employee training, good open communication channels, surprise visits and audits and a strong Code of Ethics.

Fraud, corruption, embezzlement and deceitful behaviour for personal gain can results in many negative consequences for both companies and individuals. Forensic audits can be useful to uncover this behaviour. Companies should be vigilant and know how to identify fraud, mitigate it and when to call in the experts for a forensic audit.

Craigan Woodward (CIA)

Senior Consultant- Risk Advisory Services, Johannesburg- South Africa