Más contenido relacionado
La actualidad más candente (20)
Similar a Acfe williamsburg 2013 jmk (20)
Más de Jim Kaplan CIA CFE (20)
Acfe williamsburg 2013 jmk
- 1. 7/12/2013
1
THE IMPACT OF TECHNOLOGY
ON STANDARDS AND
DETECTING, PREVENTING AND
INVESTIGATING FRAUD
JIM KAPLAN CIA CFE
PRESIDENT AND FOUNDER
AUDITNET®
A Changing Landscape for Professionals
1© AuditNet® 2013
Agenda
Introduction
Technology Then and Now
Standard Changes and Technology
Evolution of Professional Networking
Latest Technology Tools for Fraud Auditors
Trends and the Future of Audit Technology for
Detecting and Investigating Fraud
2
© AuditNet® 2013
- 2. 7/12/2013
2
Then and Now
3
© AuditNet® 2013
Auditors and Technology
Early Adopters
Innovators (into the new
from Latin
Interested in new
methods & techniques
Risk takers
Forward thinking
Gen X & Y
Laggards
Wait and see
Cautious
Hangs back
Last group to try or
adopt a new product
Dislike change
4
© AuditNet® 2013
- 3. 7/12/2013
3
Standards Evolution
5
1954 to the mid-1960s, the auditing profession was still auditing
around the computer – Why?
1968, the American Institute of Certified Public Accountants (AICPA)
had the Big Eight (now the Big Four) accounting firms participate in
the development of EDP auditing.
December 1974 SAP 3 The Effects of EDP on the Auditor's Study
and Evaluation of Internal Control
1977 Electronic Data Processing Auditors Association (EDPAA)
published Control Objectives
July 1984 SAS 48 The Effects of Computer Processing on the Audit
of Financial Statements
June 2001 SAS 94, The Effect of Information Technology on the
Auditor’s Consideration of Internal Control in a Financial Statement
Audit.
© AuditNet® 2013
Standards and Regulatory Evolution
6
SEC, Final Rule: Management’s Reports on Internal Control Over
Financial Reporting and Certification of Disclosure in Exchange Act
Periodic Reports
PCAOB Auditing Standard No. 2, An Audit of Internal Control Over
Financial Reporting Performed In Conjunction With an Audit of
Financial Statements
SAS 99, Consideration of Fraud in a Financial Statement Audit
SAS 99 Exhibit, Management Antifraud Programs and Controls
Committee of Sponsoring Organizations of the Treadway
Commission, Internal Control—Integrated Framework
United States Sentencing Commission, Guidelines Manual
2009 Internal Auditing and Fraud and GTAG 13: Fraud Prevention
and Detection in an Automated World
© AuditNet® 2013
- 4. 7/12/2013
4
Computers, Auditors and CAATTs
The Evolution of CAATTs 80’s
Around
Through
With
EDP/IT Auditors
Mainframe
Audit Software 90’s
Data extraction and analysis
IT and non IT Auditors
Windows
The Millenium
Software for all phases (planning, fieldwork, GRC)
Cloud computing
7
© AuditNet® 2013
Impact of Technology
Computers and networks provide most of the
information needed for auditing
Computer crime is increasing as fraudsters see
value in information as well as financial assets
Auditors and fraud examiners must use the
computer as an auditing tool
Auditors and fraud examiners must also use the
computer for audit administration
8
© AuditNet® 2013
- 5. 7/12/2013
5
Impact of Technology
What I did in my youth is hundreds of times
easier today. Technology breeds crime
9
© AuditNet® 2013
Impact of New Technology on the
Profession
Professional Standards for
Certified Fraud Examiners
IIA Professional Standards Fraud
and Technology
10
© AuditNet® 2013
- 6. 7/12/2013
6
Certifications for Fraud Auditors
11
Initials Description Organization
CITP Certified Information Technology Professional (CITP AICPA
CFE Certified Fraud Examiner ACFE
CFF Certified in Financial Forensics AICPA
CAMS Certified Anti-Money Laundering Specialist ACALS
CFFA Certified Forensic Financial Analyst (NACVA)
CIFI Certified Insurance Fraud Investigator IASIU
CBCO Certified Bank Compliance Officer BAI
CISA Certified Information Systems Auditor ISACA
CIA Certified Internal Auditors CIA
CPA Certified Public Accountant AICPA
© AuditNet® 2013
New Technologies and their Impact
Mobile computing
The Cloud or Internet based services
SaaS (application based)
PaaS (end to end SDLC)
IaaS (servers, storage, network)
12
© AuditNet® 2013
- 7. 7/12/2013
7
Social Media
Social Media Defined
The good the bad
and the ugly
What is the primary
risk?
13
© AuditNet® 2013
Technology as an Enabler
There is a wide array of specialized tools to
support and enhance the entire spectrum of
internal audit processes … for the most part
(auditors) are not taking advantage of them
Not surprisingly, survey participants predict that
technology will affect internal audit roles and
responsibilities more than any other business
trend.
PwC 2010 Study on the State of the internal audit profession
14
© AuditNet® 2013
- 8. 7/12/2013
8
Audit Software
15
© AuditNet® 2013
Categories of Audit Software Technology
Automated
Issues
Tracking
Electronic
Work Papers
Risk
Assessment
Continuous
Controls
Monitoring
Anti Fraud
Software
GRC
Audit
Management
Software
Audit
Resource
Scheduling
Data
Analytics
16
© AuditNet® 2013
- 9. 7/12/2013
9
Data Analysis for Auditors and CFE’s
Although internal auditors have been doing data analysis for
more than 25 years, it has only recently started to become
standard practice.
By our nature, most accountants and auditors are inclined to
stick with what has worked in the past, rather than reach
outside our comfort zone for an alternative that could help
us accomplish more.
Do you reach outside your comfort zone?
17
© AuditNet® 2013
New Tools New Approach
Technology advances require a change in the approach for
detecting and investigating fraud
Fraud risk analysis is now a required part of an auditors
responsibilities
Proactive approach to detecting fraud
Identifying risks early using audit software to detect
anomalies is no longer optional
Data analytic KSA’s now a basic facet of an auditor’s toolbox
18
© AuditNet® 2013
- 10. 7/12/2013
10
Obstacles to Implementation
Failure to plan for use
Lack of an FRA methodology
Skill set gap -
Department size
Cost implication
Complexity of the software
Resistance in training auditors
Failure of software to meet audit departments needs
19
© AuditNet® 2013
Heard on the Street
Technology Initiatives considered having the most
impact (2012 AICPA Top Technology Issues)
1.Information security
2.Remote access
3.Control and use of mobile devices
4.Business process improvement with technology
5.Data retention policies and structure
6.Privacy policies and compliance
7.Staff and management training
8.Spreadsheet management
9.Overall data proliferation and control
10.Portals (vendor and client/customer)
20
© AuditNet® 2013
- 11. 7/12/2013
11
New Tools for Fraud Examiners
21
© AuditNet® 2013
New Tools
Sept, 2008….
Any device, Any time, Any
where was born
Users not interested in
security, they want to trust,
not to be trusted
Any unprotected device
connected to both the
Internet & and company
LAN poses a security risk
22
© AuditNet® 2013
- 12. 7/12/2013
12
Impact of Technology on Detecting
Fraud
Proactive Fraud Detection
Computer-aided fraud detection skills
Data Extraction
Scripting
Analyzing Data
Automation
Data is the key to detecting fraud with technology
Benford’s Law analysis using technology
Continuous monitoring software suites
23
© AuditNet® 2013
Impact of Technology on Detecting
Fraud
Digital Information Explosion (DIE) has created
greater opportunities for fraud examiners and
auditors.
Asset recovery
Anomalies in data through 100% analysis
Examining digital information on mobile devices
Using social media to profile fraudsters
Social Network Analysis (SNA)
Using data analytics to detect property and casualty
claims fraud
24
© AuditNet® 2013
- 13. 7/12/2013
13
Audit Apps for iPhones/iPads
25
© AuditNet® 2013
Imagine the Possibilities
Access your computer from remote locations
Collaborate using tools from the road
Access audit programs, work papers and more
from your mobile device
Join Anti-Fraud Webinars and Webcasts for
training
Conduct or participate in virtual meetings with
staff, clients etc.
26
© AuditNet® 2013
- 14. 7/12/2013
14
Trends and their Impact
Mobile devices and wireless computing
Smart devices and malware
Cloud sourcing and computing – security, governance
and compliance
Social media platform for communications
Continuous risk and control assessment
Reporting to the Board using SOTA technology
27
© AuditNet® 2013
Skill Set for Future Auditors
Multi-disciplinary less accountants more
business oriented
Critical thinking skills
Strong communication skills
Audit Technology oriented
28
© AuditNet® 2013
- 15. 7/12/2013
15
The Impact of Technology Observations
Not surprisingly, survey participants predict that
technology will affect internal audit roles and
responsibilities more than any other business
trend.
High-performing internal audit functions maximize
the use of technology to enhance the efficiency,
effectiveness, and quality of operations.
PwC 2012 Study on the State of the internal audit profession
29
© AuditNet® 2013
AuditNet® Survey - 2012 State of Technology
Use by Auditors
Profile of Over 1,500 Responses
• 45% 5 or less auditors
• Technology tools used – mostly data analytics and
EWP
• Technology tools least used – monitoring (continuous
audit and fraud), GRC, risk compliance
• Only 17% feel that their auditors are technology
proficient
• Technology training primarily OJT
• 35% maintain an inventory of audit technology
tools
• More than half (54%) rated their department at the
informal use level (ad hoc or none at all) for audit
technology
• Less than 4% rated their department at the highest
maturity level
30
© AuditNet® 2013
- 16. 7/12/2013
16
AuditNet® 10 Point Action Plan for Integrating
Technology in Audit
1. Conduct an inventory of audit technology tools
2. Provide training for all staff in use of audit
technology
3. Measure staff technology KSA
4. Build a business case for audit technology
5. Work with IT and Senior Management on cost
6. Hire auditors with technology skills
7. Find a technology champion and influencer
8. Establish an audit technology assessment
benchmark and update annually
9. Require the use of technology for all audit and
administrative tasks
10. Develop a succession plan so that audit software
does not become shelfware
31
© AuditNet® 2013
Strategic Fraud Detection Approach
32
© AuditNet® 2013
Source: Strategic Fraud Detection: A Technology-Based Model
Conan C. Albrecht W. Steve Albrecht
- 17. 7/12/2013
17
Future Predictions
Standards will mandate use of technology tools for
audit
New generation of auditors must have the KSA to
utilize technology
If auditors and audit departments do not adapt to
new technology they risk outsourcing
Social networking will evolve to professional
networking
Tools will become more intuitive
Knowledge hubs for audit tool, techniques and
resources will consolidate and merge
33
© AuditNet® 2013
Audit Programs and Guides
Auditor’s Guide to Cloud Computing - Security
Considerations.xls
Cloud Matrix_Benefits & Risks.xls
AuditNet® Guide to Social Networking
AuditNet® Guide to Wireless Security
Business Continuity Planning – A Diagnostic Tool
Forensic Document Examination
Data Analytics Enabled Audit Programs for Key Business
Processes
AuditNet® is working to provide tools and resources to
keep pace with new technology!
34
© AuditNet® 2013
- 18. 7/12/2013
18
Fraud Examiner Technology Resources
ACFE Seminars, Books and Training
Introduction to Digital Forensics
Using Data Analytics to Detect Fraud
Investigating on the Internet
FraudResourceNet.com online training
Audit Software – ACL, IDEA, Excel, ActiveData,
TopCAATs
AuditNet® is working to provide tools and resources to
keep pace with new technology!
35
© AuditNet® 2013
Conclusion
I hope that I have provided you
with some useful information
that will stimulate your thought
processes!
Any questions?
36
© AuditNet® 2013
- 19. 7/12/2013
19
Contact Information
If you haven’t been to AuditNet recently please
visit and see our new design and interface
Jim Kaplan CIA, CFE editor@auditnet.org
http://www.auditnet.org
37
© AuditNet® 2013