Chapter 10
Using Information Technology for Fraud Examination and Financial Forensics

Critical Thinking Exercise
A married couple goes to a movie. During the movie the husband strangles the wife. He is able to get her body home without attracting attention. How is this possible?

The Digital Environment
• “Garbage-in, garbage-out”
• Maintain data integrity
• Be able to prove origins and credibility of the data

Overview of Information Technology Controls
• IT audit
  – Planning
  – Tests of controls
  – Substantive tests
• Computer-Aided Audit Tools and Techniques (CAATT)
• Application controls
  – Source documents
  – Data coding controls
  – Batch controls
  – Validation controls
  – Record validation
  – Examination of application input system

Overview of Information Technology Controls
• Processing controls
  – Ensure processed data maintains its integrity as it moves within the system
• Output controls
  – Spooling
  – Print programs and bursting
  – Monitor waste
  – Identify responsibility

Overview of Information Technology Controls
• General framework for viewing IT risks and controls
  – IT operations
  – Data management systems
  – New systems development and integration
  – Systems maintenance
  – Systems back-up and contingency planning
  – Electronic commerce
  – Control over computer operations

IT Audits and Assurance Activities
• Black box approach
  – Develop understanding of the system
  – Test integrity of data and system
• White box approach
  – System walk-throughs (tracing)
  – Authenticity
  – Accuracy
  – Completeness
  – Redundancy
  – Access audit trail
  – Rounding error test

IT Audits and Assurance Activities
• IT systems personnel may be colluding to conceal fraud
• Few understand information technology
• IT professional may substitute inappropriate version of software to alter data
• IT auditor must ensure entire control environment is examined

Digital Evidence
• Digital evidence analysis helps sift through, organize and analyze large amounts of evidence
  – Must be examined with speed and accuracy
• Electronic Imaging
• Computer forensics
• Warrant or subpoena required to obtain digital evidence
  – Probable cause
• Initial acquisition
• Maintain good work papers

Tools Used to Gather Digital Evidence
• Road MASSter
  – Portable computer forensic lab
  – Acquire and analyze electronic data
  – Preview and image hard drives
  – Completely remove and erase stored files and programs from hard drives
• EnCase
  – Investigate and analyze data in multiple platforms
  – Identify information despite efforts to hide, cloak or delete data
  – Manage large volumes of computer evidence

Recovering Deleted Files
• Deleted files aren’t removed from hard drive
• Until computer reuses space where file resides, the data in the file will remain intact
• Defrag command
  – Reorganize hard drive for more efficient data storage
• Undelete software
  – Searches for clues as to the locations of the disk space where the deleted file resides
  – Examine unallocated disk space

Recovering Deleted Email
• Emails are stored in mail folders
• Each folder is considered a separate file
• Prior to compaction, deleted emails may be recovered using software
• E-discovery rules require organizations to provide electronic files going back in time
  – Probability of deleted email recovery is greatly enhanced

Restoring Data
• More sophisticated approach
• Restore lost files under more challenging circumstances
• Stop writing to drive to increase probability of recovering data
• High security or privacy software makes the chance of restoring files non-existent
• Manual restoration is sometimes needed
  – Cost-benefit analysis

Detection and Investigation in a Digital Environment
• Must have understanding of what could go wrong
• Targeted approach required
• “Flat file”
  – Sequential, indexed, hashing and pointer file structures
• “Hierarchical and network database”
  – Relational
• “Rifle shot approach”

Data Extraction and Analysis Software Functions
• Sorting
• Record selection and extraction
• Joining files
• Multi-file processing
• Correlation analysis
• Verifying multiples of a number
• Compliance verification
• Duplicate searches
• Vertical ratio analysis
• Horizontal ratio analysis
• Date functions
• Recalculations
• Transactions and balances exceeding expectations

Data Extraction and Analysis Software
• Choose based on individual case
• Which is most appropriate for current investigation?
• Two categories of data mining and knowledge discovery software
  – Public domain/shareware/freeware
  – Commercial applications

IDEA Data Analysis Software
• Interactive Data Extraction & Analysis
• Generalized audit software
• Imports data in differing file formats
• Examine file statistics and observe raw data values underlying those statistics
• Benford’s Law analyses
• Compare and recalculate invoices
• Helps organize work

ACL
• Audit Control Language
• Audit analytics and continuous monitoring software
• Ensure internal controls compliance
• Investigate and detect fraudulent activity
• Continuous auditing
• Independent verification of transactional data
• ACL uses in digital environment
  – Audit analytics
  – Continuous auditing and monitoring
  – Fraud detection and investigation
  – Regulatory compliance
  – Secure data access

Picalo
• Data extraction and analysis tools
• Used to analyze
  – Financial information
  – Employee records
  – Purchasing systems
  – Accounts receivable and payables
  – Sales
  – Inventory systems
• Can be programmed to
  – analyze network activities
  – web server logs
  – system login records
  – import email into relational or text-based databases

Graphics and Graphics Software
• Most people are overwhelmed by a page of numbers
• Three roles in an investigation
  – Investigative tool
  – Identify holes
  – Communicate investigative findings, conclusions and results
• Types of graphics software
  – The association matrix
  – Link charts
  – Flow Diagrams
  – Time Lines

The Association Matrix
• Identifies major players who are central to an investigation
• Identify linkages between those players
• Starting point for reflecting important data in a simplified format
• Helps investigator visually see important links

The Association Matrix

Link Charts
• More complex than association matrices
• Graphically represent important relationships
  – Linkages between people, businesses and “organizations”
• Create graphic representation of known and suspected associations that are involved in criminal activity

Link Charts

Flow Diagrams
• Analyze movement of events, activities and commodities
• Discover meaning of activities and their importance to the investigation

Flow Diagram

Timeline
• Chronologically organize information about events or activities
• Help determine what has or may have occurred and the impact those actions had

Timeline

Other Graphical Formats

Case Management Software
• Manage cases and case data
• Organize case data in meaningful ways
• Present information for use in reports or during testimony
• Used to initiate investigations
• Case management software tools
  – Analyst’s Notebook i2
  – Lexis-Nexis CaseMap

Analyst’s Notebook i2
• Visualize complex schemes
• Organize and analyze large volumes of seemingly unrelated data
• Bring clarity to complex investigations, schemes and scenarios
• Increase evidence management efficiency

Lexis-Nexis CaseMap
• Central repository for case knowledge
• Organize information, facts, evidence, documents, people, case issues and applicable law
• Evaluates relationships between different attributes of the case information
• TimeMap
• TextMap
• NoteMap
• DepMap
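
The behaviour described on the Recovering Deleted Files and Restoring Data slides, as an added example that is not part of the original deck: deleting a file drops only its table entry, so signature carving over unallocated space recovers it until a later write reuses the sectors. ToyVolume, its one-pointer allocator and the sample file contents are constructed for illustration and do not model a real file system.

```python
SECTOR = 64
PDF_HEADER, PDF_FOOTER = b"%PDF-", b"%%EOF"
def sectors_for(length):
    return -(-length // SECTOR)            # bytes rounded up to whole sectors

class ToyVolume:
    """Constructed toy volume (not a real file system): a file table over raw sectors."""
    def __init__(self, sectors=8):
        self.raw = bytearray(SECTOR * sectors)
        self.table = {}                    # name -> (first sector, length in bytes)
        self.free = 0                      # sector the next write will use

    def write(self, name, data):
        start = self.free * SECTOR
        self.raw[start:start + len(data)] = data
        self.table[name] = (self.free, len(data))
        self.free += sectors_for(len(data))

    def delete(self, name):
        # Only the table entry is dropped; the sectors keep their bytes until reused.
        self.free, _ = self.table.pop(name)

    def unallocated(self):
        """Concatenated bytes of every sector no table entry points at."""
        used = {s for first, n in self.table.values()
                for s in range(first, first + sectors_for(n))}
        return b"".join(bytes(self.raw[s * SECTOR:(s + 1) * SECTOR])
                        for s in range(len(self.raw) // SECTOR) if s not in used)

def carve_pdfs(blob):
    """Signature carving: every %PDF- ... %%EOF span found in blob."""
    hits, pos = [], 0
    while (start := blob.find(PDF_HEADER, pos)) != -1:
        end = blob.find(PDF_FOOTER, start)
        if end == -1:
            break                          # footer gone: the tail was overwritten
        pos = end + len(PDF_FOOTER)
        hits.append(blob[start:pos])
    return hits

def demo():
    vol = ToyVolume()
    vol.write("memo.txt", b"Quarterly memo (constructed sample).")
    pdf = b"%PDF-1.4\n(constructed invoice: pay 9,950.00)\n%%EOF"
    vol.write("invoice.pdf", pdf)
    vol.delete("invoice.pdf")
    recovered = carve_pdfs(vol.unallocated())      # before the space is reused
    vol.write("cache.bin", b"\xAA" * len(pdf))     # new data lands on the freed sector
    return pdf, recovered, carve_pdfs(vol.unallocated()), carve_pdfs(bytes(vol.raw))
```

demo() returns the original file, what carving finds right after deletion, and what it finds in unallocated space and on the whole volume once the sector has been rewritten.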
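
An added example, not part of the original deck and not code from IDEA, ACL or Picalo, showing two of the listed data-analysis functions on constructed data: the Benford's Law first-digit test and a duplicate search. The payment amounts, vendor names and the 10,000 approval limit are assumptions made for the illustration.

```python
import math
from collections import Counter, defaultdict

CHI2_CRIT_8DF = 15.507  # 5% critical value of chi-square with 8 degrees of freedom

def leading_digit(amount):
    """First significant digit (1-9) of a non-zero amount."""
    return int(str(abs(amount)).lstrip("0.")[0])

def benford_test(amounts):
    """First-digit test: return (chi2, {digit: (observed, expected)})."""
    observed = Counter(leading_digit(a) for a in amounts if a)
    n = sum(observed.values())
    chi2, table = 0.0, {}
    for d in range(1, 10):
        expected = n * math.log10(1 + 1 / d)   # Benford: P(d) = log10(1 + 1/d)
        chi2 += (observed[d] - expected) ** 2 / expected
        table[d] = (observed[d], round(expected, 1))
    return chi2, table

def duplicate_payments(rows):
    """Duplicate search: one vendor paid the same amount under several invoice numbers."""
    groups = defaultdict(set)
    for invoice, vendor, amount in rows:
        groups[(vendor, amount)].add(invoice)
    return {key: sorted(ids) for key, ids in groups.items() if len(ids) > 1}

# Constructed data: 100 ordinary payments spread over several orders of magnitude,
# then 30 payments placed just under a hypothetical 10,000 approval limit.
ORDINARY = [round(25 * 1.12 ** k, 2) for k in range(100)]
JUST_UNDER_LIMIT = [9900 + 3 * k for k in range(30)]

LEDGER = [  # constructed (invoice, vendor, amount) rows
    ("INV-1001", "Acme Supply", 4800.00),
    ("INV-1002", "Birch LLC", 1250.50),
    ("INV-1017", "Acme Supply", 4800.00),    # same vendor and amount, new number
    ("INV-1020", "Cedar Freight", 4800.00),  # same amount, other vendor: not flagged
]

if __name__ == "__main__":
    for label, amounts in (("ordinary", ORDINARY), ("padded", ORDINARY + JUST_UNDER_LIMIT)):
        chi2, table = benford_test(amounts)
        verdict = "deviates" if chi2 > CHI2_CRIT_8DF else "conforms"
        print(f"{label}: chi2={chi2:.1f} -> {verdict}; digit 9 obs/exp = {table[9]}")
    print(duplicate_payments(LEDGER))
```

A chi-square above the critical value says only that the first-digit distribution departs from Benford's; the per-digit table shows which digit to pull transactions for.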